Warning: Permanently added '10.128.0.118' (ECDSA) to the list of known hosts. 2019/04/07 06:45:53 fuzzer started 2019/04/07 06:45:56 dialing manager at 10.128.0.26:34543 2019/04/07 06:45:56 syscalls: 2408 2019/04/07 06:45:56 code coverage: enabled 2019/04/07 06:45:56 comparison tracing: enabled 2019/04/07 06:45:56 extra coverage: extra coverage is not supported by the kernel 2019/04/07 06:45:56 setuid sandbox: enabled 2019/04/07 06:45:56 namespace sandbox: enabled 2019/04/07 06:45:56 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/07 06:45:56 fault injection: enabled 2019/04/07 06:45:56 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/07 06:45:56 net packet injection: enabled 2019/04/07 06:45:56 net device setup: enabled 06:47:51 executing program 0: r0 = socket(0x10, 0x80002, 0x0) open$dir(0x0, 0x0, 0x0) write$P9_RLINK(r0, 0x0, 0xff59) syzkaller login: [ 172.014451][ T7771] IPVS: ftp: loaded support on port[0] = 21 06:47:51 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000008380)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1400000000000000000000000200000037000000"], 0x14}}], 0x1, 0x0) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x331, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 172.118074][ T7771] chnl_net:caif_netlink_parms(): no params data found [ 172.170616][ T7771] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.179347][ T7771] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.187370][ T7771] device bridge_slave_0 entered promiscuous mode [ 172.195708][ T7771] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.219123][ T7771] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.226900][ T7771] device bridge_slave_1 entered promiscuous mode [ 172.245649][ T7775] IPVS: ftp: loaded support on port[0] = 21 [ 172.263284][ T7771] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.291627][ T7771] bond0: Enslaving bond_slave_1 as an active interface with an up link 06:47:51 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) r1 = dup(r0) write$FUSE_ENTRY(r1, &(0x7f00000002c0)={0x90}, 0x90) ioctl$SG_GET_NUM_WAITING(r1, 0x2286, &(0x7f0000000280)) [ 172.331792][ T7771] team0: Port device team_slave_0 added [ 172.339399][ T7771] team0: Port device team_slave_1 added [ 172.450631][ T7771] device hsr_slave_0 entered promiscuous mode [ 172.488472][ T7771] device hsr_slave_1 entered promiscuous mode [ 172.534322][ T7775] chnl_net:caif_netlink_parms(): no params data found [ 172.555310][ T7778] IPVS: ftp: loaded support on port[0] = 21 [ 172.565507][ T7771] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.572713][ T7771] bridge0: port 2(bridge_slave_1) entered forwarding state 06:47:51 executing program 3: fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="021304000200"/16], 0x10}}, 0x0) [ 172.580357][ T7771] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.587406][ T7771] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.674360][ T7775] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.682910][ T7775] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.690908][ T7775] device bridge_slave_0 entered promiscuous mode [ 172.759187][ T7775] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.766237][ T7775] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.778746][ T7775] device bridge_slave_1 entered promiscuous mode [ 172.807963][ T7771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.832298][ T7778] chnl_net:caif_netlink_parms(): no params data found [ 172.849766][ T7775] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.862561][ T7782] IPVS: ftp: loaded support on port[0] = 21 [ 172.863641][ T7771] 8021q: adding VLAN 0 to HW filter on device team0 06:47:52 executing program 4: r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) getpid() close(r0) setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket$unix(0x1, 0x5, 0x0) ioctl$sock_proto_private(0xffffffffffffffff, 0x0, 0x0) getsockname$inet(r0, 0x0, &(0x7f0000000080)) [ 172.878980][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.891862][ T7774] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.911464][ T7774] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.919860][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 172.940995][ T7775] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.997611][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.012019][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.019124][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.038483][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.058343][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.065391][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.117230][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 173.152738][ T7775] team0: Port device team_slave_0 added [ 173.159570][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 173.177376][ T7786] IPVS: ftp: loaded support on port[0] = 21 [ 173.178319][ T7778] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.195162][ T7778] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.205777][ T7778] device bridge_slave_0 entered promiscuous mode 06:47:52 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff}) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000080)={0x0, r0}) [ 173.224542][ T7775] team0: Port device team_slave_1 added [ 173.242596][ T7778] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.250130][ T7778] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.257889][ T7778] device bridge_slave_1 entered promiscuous mode [ 173.265365][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 173.274116][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 173.285086][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 173.293504][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 173.305772][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 173.314666][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 173.326312][ T7771] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 173.410826][ T7775] device hsr_slave_0 entered promiscuous mode [ 173.488544][ T7775] device hsr_slave_1 entered promiscuous mode [ 173.540662][ T7788] IPVS: ftp: loaded support on port[0] = 21 [ 173.553293][ T7778] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 173.563372][ T7778] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 173.583481][ T7778] team0: Port device team_slave_0 added [ 173.605158][ T7771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.615175][ T7778] team0: Port device team_slave_1 added [ 173.657773][ T7782] chnl_net:caif_netlink_parms(): no params data found [ 173.700022][ T7778] device hsr_slave_0 entered promiscuous mode [ 173.738565][ T7778] device hsr_slave_1 entered promiscuous mode 06:47:53 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000240)=""/197, 0xc5, 0x0) 06:47:53 executing program 0: 06:47:53 executing program 0: [ 173.872617][ T7778] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.879730][ T7778] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.887034][ T7778] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.894127][ T7778] bridge0: port 1(bridge_slave_0) entered forwarding state 06:47:53 executing program 0: 06:47:53 executing program 0: [ 173.976881][ T7786] chnl_net:caif_netlink_parms(): no params data found [ 174.016526][ T7782] bridge0: port 1(bridge_slave_0) entered blocking state 06:47:53 executing program 0: 06:47:53 executing program 0: [ 174.030073][ T7782] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.049512][ T7782] device bridge_slave_0 entered promiscuous mode [ 174.090586][ T7782] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.097649][ T7782] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.114879][ T7782] device bridge_slave_1 entered promiscuous mode [ 174.154477][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.162850][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.193293][ T7782] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.212933][ T7788] chnl_net:caif_netlink_parms(): no params data found [ 174.233362][ T7782] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.260385][ T7775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.271970][ T7786] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.279323][ T7786] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.286813][ T7786] device bridge_slave_0 entered promiscuous mode [ 174.297477][ T7786] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.304674][ T7786] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.312666][ T7786] device bridge_slave_1 entered promiscuous mode [ 174.323079][ T7782] team0: Port device team_slave_0 added [ 174.330638][ T7782] team0: Port device team_slave_1 added [ 174.363565][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 174.371494][ T7779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 174.389137][ T7786] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.400233][ T7775] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.410899][ T7778] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.450731][ T7782] device hsr_slave_0 entered promiscuous mode [ 174.498476][ T7782] device hsr_slave_1 entered promiscuous mode [ 174.554276][ T7786] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.573412][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 174.581840][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 174.590370][ T7774] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.597388][ T7774] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.610752][ T7788] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.617787][ T7788] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.625498][ T7788] device bridge_slave_0 entered promiscuous mode [ 174.639724][ T7786] team0: Port device team_slave_0 added [ 174.645441][ T7788] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.653313][ T7788] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.661960][ T7788] device bridge_slave_1 entered promiscuous mode [ 174.671285][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 174.679472][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 174.686974][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 174.694701][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 174.703087][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.711895][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.718984][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.739503][ T7778] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.749254][ T7786] team0: Port device team_slave_1 added [ 174.766811][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.776302][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.792712][ T7788] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.804355][ T7788] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.825596][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.834305][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.842703][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 174.851465][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 174.859801][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.866823][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.877882][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 174.960016][ T7786] device hsr_slave_0 entered promiscuous mode [ 175.008566][ T7786] device hsr_slave_1 entered promiscuous mode [ 175.072781][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 175.081467][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 175.089757][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.098114][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.106426][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.113486][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.121103][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 175.129251][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 175.137250][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 175.145647][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 175.153758][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 175.161969][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 175.179890][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 175.188796][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 175.198044][ T7788] team0: Port device team_slave_0 added [ 175.217437][ T7782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.225797][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 175.234208][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 175.242723][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 175.251268][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 175.259738][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 175.267721][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 175.275954][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 175.292662][ T7778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 175.301356][ T7788] team0: Port device team_slave_1 added [ 175.314597][ T7782] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.332330][ T7775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.349786][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 175.357431][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 175.366344][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.374929][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.383634][ T7774] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.390726][ T7774] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.416177][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 175.424158][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.433406][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.443151][ T7774] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.450256][ T7774] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.464277][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 175.474506][ T7774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 175.476611][ T7813] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7813 [ 175.491973][ T7813] caller is sk_mc_loop+0x1d/0x210 [ 175.492381][ T7778] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.497011][ T7813] CPU: 0 PID: 7813 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 175.512737][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.512743][ T7813] Call Trace: [ 175.512761][ T7813] dump_stack+0x172/0x1f0 [ 175.512784][ T7813] __this_cpu_preempt_check+0x246/0x270 [ 175.535928][ T7813] sk_mc_loop+0x1d/0x210 [ 175.540185][ T7813] ip_mc_output+0x2ef/0xf70 [ 175.542996][ T7782] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 175.544687][ T7813] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 175.544705][ T7813] ? ip_append_data.part.0+0x170/0x170 [ 175.544724][ T7813] ? ip_make_skb+0x1b1/0x2c0 [ 175.544738][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 175.556865][ T7782] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 175.560204][ T7813] ip_local_out+0xc4/0x1b0 [ 175.560222][ T7813] ip_send_skb+0x42/0xf0 [ 175.560239][ T7813] udp_send_skb.isra.0+0x6b2/0x1180 [ 175.560253][ T7813] ? xfrm_lookup_route+0x5b/0x1f0 [ 175.560283][ T7813] udp_sendmsg+0x1dfd/0x2820 [ 175.560298][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 175.560316][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 175.560345][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 175.560356][ T7813] ? __might_fault+0x12b/0x1e0 [ 175.560370][ T7813] ? find_held_lock+0x35/0x130 [ 175.583760][ T7782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.585709][ T7813] ? __might_sleep+0x95/0x190 [ 175.585726][ T7813] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 175.594432][ T7813] ? aa_sk_perm+0x288/0x880 [ 175.619089][ T7813] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 175.619107][ T7813] inet_sendmsg+0x147/0x5e0 [ 175.619120][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 175.619130][ T7813] ? inet_sendmsg+0x147/0x5e0 [ 175.619142][ T7813] ? ipip_gro_receive+0x100/0x100 [ 175.619158][ T7813] sock_sendmsg+0xdd/0x130 [ 175.619178][ T7813] ___sys_sendmsg+0x3e2/0x930 [ 175.619193][ T7813] ? copy_msghdr_from_user+0x430/0x430 [ 175.634051][ T7813] ? lock_downgrade+0x880/0x880 [ 175.699804][ T7813] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 175.706045][ T7813] ? kasan_check_read+0x11/0x20 [ 175.710903][ T7813] ? __fget+0x381/0x550 [ 175.715045][ T7813] ? ksys_dup3+0x3e0/0x3e0 [ 175.719456][ T7813] ? __fget_light+0x1a9/0x230 [ 175.724132][ T7813] ? __fdget+0x1b/0x20 [ 175.728183][ T7813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 175.734596][ T7813] ? sockfd_lookup_light+0xcb/0x180 [ 175.739785][ T7813] __sys_sendmmsg+0x1bf/0x4d0 [ 175.744447][ T7813] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 175.749468][ T7813] ? _copy_to_user+0xc9/0x120 [ 175.754133][ T7813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 175.760386][ T7813] ? put_timespec64+0xda/0x140 [ 175.765136][ T7813] ? nsecs_to_jiffies+0x30/0x30 [ 175.769982][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.775421][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 175.780857][ T7813] ? do_syscall_64+0x26/0x610 [ 175.785511][ T7813] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.791554][ T7813] ? do_syscall_64+0x26/0x610 [ 175.796218][ T7813] __x64_sys_sendmmsg+0x9d/0x100 [ 175.801143][ T7813] do_syscall_64+0x103/0x610 [ 175.805710][ T7813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.811575][ T7813] RIP: 0033:0x4582b9 [ 175.815444][ T7813] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 175.835131][ T7813] RSP: 002b:00007ff026165c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 175.843519][ T7813] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 175.851467][ T7813] RDX: 0000000000000331 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 175.859430][ T7813] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 175.867400][ T7813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0261666d4 [ 175.875347][ T7813] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 175.884894][ T7813] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7813 [ 175.894274][ T7813] caller is sk_mc_loop+0x1d/0x210 [ 175.899380][ T7813] CPU: 1 PID: 7813 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 175.908975][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.919002][ T7813] Call Trace: [ 175.922284][ T7813] dump_stack+0x172/0x1f0 [ 175.926608][ T7813] __this_cpu_preempt_check+0x246/0x270 [ 175.932130][ T7813] sk_mc_loop+0x1d/0x210 [ 175.936375][ T7813] ip_mc_output+0x2ef/0xf70 [ 175.940957][ T7813] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 175.946060][ T7813] ? ip_append_data.part.0+0x170/0x170 [ 175.951505][ T7813] ? ip_make_skb+0x1b1/0x2c0 [ 175.956092][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 175.961107][ T7813] ip_local_out+0xc4/0x1b0 [ 175.965501][ T7813] ip_send_skb+0x42/0xf0 [ 175.969722][ T7813] udp_send_skb.isra.0+0x6b2/0x1180 [ 175.974906][ T7813] ? xfrm_lookup_route+0x5b/0x1f0 [ 175.979909][ T7813] udp_sendmsg+0x1dfd/0x2820 [ 175.984487][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 175.989417][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 175.994429][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 175.999691][ T7813] ? __might_fault+0x12b/0x1e0 [ 176.004429][ T7813] ? find_held_lock+0x35/0x130 [ 176.009177][ T7813] ? __might_sleep+0x95/0x190 [ 176.013845][ T7813] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 176.019452][ T7813] ? aa_sk_perm+0x288/0x880 [ 176.023941][ T7813] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 176.029463][ T7813] inet_sendmsg+0x147/0x5e0 [ 176.033939][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 176.039195][ T7813] ? inet_sendmsg+0x147/0x5e0 [ 176.043842][ T7813] ? ipip_gro_receive+0x100/0x100 [ 176.048857][ T7813] sock_sendmsg+0xdd/0x130 [ 176.053256][ T7813] ___sys_sendmsg+0x3e2/0x930 [ 176.057912][ T7813] ? copy_msghdr_from_user+0x430/0x430 [ 176.063347][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 176.068272][ T7813] ? lock_downgrade+0x880/0x880 [ 176.073096][ T7813] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.079311][ T7813] ? kasan_check_read+0x11/0x20 [ 176.084139][ T7813] ? __might_fault+0x12b/0x1e0 [ 176.088893][ T7813] ? find_held_lock+0x35/0x130 [ 176.093632][ T7813] ? __might_fault+0x12b/0x1e0 [ 176.098376][ T7813] ? lock_downgrade+0x880/0x880 [ 176.103215][ T7813] ? ___might_sleep+0x163/0x280 [ 176.108043][ T7813] __sys_sendmmsg+0x1bf/0x4d0 [ 176.112696][ T7813] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 176.117703][ T7813] ? _copy_to_user+0xc9/0x120 [ 176.122358][ T7813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 176.128589][ T7813] ? put_timespec64+0xda/0x140 [ 176.133352][ T7813] ? nsecs_to_jiffies+0x30/0x30 [ 176.138189][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.143629][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.149077][ T7813] ? do_syscall_64+0x26/0x610 [ 176.153740][ T7813] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.159781][ T7813] ? do_syscall_64+0x26/0x610 [ 176.164433][ T7813] __x64_sys_sendmmsg+0x9d/0x100 [ 176.169355][ T7813] do_syscall_64+0x103/0x610 [ 176.173923][ T7813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.179788][ T7813] RIP: 0033:0x4582b9 [ 176.183668][ T7813] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.203270][ T7813] RSP: 002b:00007ff026165c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 176.211656][ T7813] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 176.219618][ T7813] RDX: 0000000000000331 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 176.227675][ T7813] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 176.235620][ T7813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0261666d4 [ 176.243664][ T7813] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 176.255381][ T7813] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7813 [ 176.264763][ T7813] caller is sk_mc_loop+0x1d/0x210 [ 176.269839][ T7813] CPU: 1 PID: 7813 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 176.278950][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.289013][ T7813] Call Trace: [ 176.292281][ T7813] dump_stack+0x172/0x1f0 [ 176.296597][ T7813] __this_cpu_preempt_check+0x246/0x270 [ 176.302118][ T7813] sk_mc_loop+0x1d/0x210 [ 176.306387][ T7813] ip_mc_output+0x2ef/0xf70 [ 176.310875][ T7813] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 176.315981][ T7813] ? ip_append_data.part.0+0x170/0x170 [ 176.321443][ T7813] ? ip_make_skb+0x1b1/0x2c0 [ 176.326030][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 176.331039][ T7813] ip_local_out+0xc4/0x1b0 [ 176.335442][ T7813] ip_send_skb+0x42/0xf0 [ 176.339679][ T7813] udp_send_skb.isra.0+0x6b2/0x1180 [ 176.344851][ T7813] ? xfrm_lookup_route+0x5b/0x1f0 [ 176.349882][ T7813] udp_sendmsg+0x1dfd/0x2820 [ 176.354461][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 176.359374][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 176.364378][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 176.369635][ T7813] ? __might_fault+0x12b/0x1e0 [ 176.374377][ T7813] ? find_held_lock+0x35/0x130 [ 176.379149][ T7813] ? __might_sleep+0x95/0x190 [ 176.383805][ T7813] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 176.389408][ T7813] ? aa_sk_perm+0x288/0x880 [ 176.393911][ T7813] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 176.399468][ T7813] inet_sendmsg+0x147/0x5e0 [ 176.403962][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 176.409231][ T7813] ? inet_sendmsg+0x147/0x5e0 [ 176.413884][ T7813] ? ipip_gro_receive+0x100/0x100 [ 176.418902][ T7813] sock_sendmsg+0xdd/0x130 [ 176.423292][ T7813] ___sys_sendmsg+0x3e2/0x930 [ 176.427947][ T7813] ? copy_msghdr_from_user+0x430/0x430 [ 176.433381][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 176.438292][ T7813] ? lock_downgrade+0x880/0x880 [ 176.443116][ T7813] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.449331][ T7813] ? kasan_check_read+0x11/0x20 [ 176.454155][ T7813] ? __might_fault+0x12b/0x1e0 [ 176.458896][ T7813] ? find_held_lock+0x35/0x130 [ 176.463633][ T7813] ? __might_fault+0x12b/0x1e0 [ 176.468388][ T7813] ? lock_downgrade+0x880/0x880 [ 176.473224][ T7813] ? ___might_sleep+0x163/0x280 [ 176.478048][ T7813] __sys_sendmmsg+0x1bf/0x4d0 [ 176.482716][ T7813] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 176.487724][ T7813] ? _copy_to_user+0xc9/0x120 [ 176.492466][ T7813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 176.498697][ T7813] ? put_timespec64+0xda/0x140 [ 176.503448][ T7813] ? nsecs_to_jiffies+0x30/0x30 [ 176.508298][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.513731][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.519163][ T7813] ? do_syscall_64+0x26/0x610 [ 176.523817][ T7813] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.529876][ T7813] ? do_syscall_64+0x26/0x610 [ 176.534530][ T7813] __x64_sys_sendmmsg+0x9d/0x100 [ 176.539456][ T7813] do_syscall_64+0x103/0x610 [ 176.544033][ T7813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.549895][ T7813] RIP: 0033:0x4582b9 [ 176.553768][ T7813] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.573352][ T7813] RSP: 002b:00007ff026165c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 176.581734][ T7813] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 176.589678][ T7813] RDX: 0000000000000331 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 176.597624][ T7813] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 176.605576][ T7813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0261666d4 [ 176.613521][ T7813] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 176.623836][ T7813] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7813 [ 176.633192][ T7813] caller is sk_mc_loop+0x1d/0x210 [ 176.639140][ T7813] CPU: 1 PID: 7813 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 176.648152][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.658191][ T7813] Call Trace: [ 176.661469][ T7813] dump_stack+0x172/0x1f0 [ 176.665778][ T7813] __this_cpu_preempt_check+0x246/0x270 [ 176.671306][ T7813] sk_mc_loop+0x1d/0x210 [ 176.675523][ T7813] ip_mc_output+0x2ef/0xf70 [ 176.680025][ T7813] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 176.685131][ T7813] ? ip_append_data.part.0+0x170/0x170 [ 176.690571][ T7813] ? ip_make_skb+0x1b1/0x2c0 [ 176.695159][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 176.700172][ T7813] ip_local_out+0xc4/0x1b0 [ 176.704691][ T7813] ip_send_skb+0x42/0xf0 [ 176.708910][ T7813] udp_send_skb.isra.0+0x6b2/0x1180 [ 176.714089][ T7813] ? xfrm_lookup_route+0x5b/0x1f0 [ 176.719094][ T7813] udp_sendmsg+0x1dfd/0x2820 [ 176.723663][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 176.728593][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 176.733613][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 176.738884][ T7813] ? __might_fault+0x12b/0x1e0 [ 176.743620][ T7813] ? find_held_lock+0x35/0x130 [ 176.748365][ T7813] ? __might_sleep+0x95/0x190 [ 176.753013][ T7813] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 176.758641][ T7813] ? aa_sk_perm+0x288/0x880 [ 176.763121][ T7813] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 176.768640][ T7813] inet_sendmsg+0x147/0x5e0 [ 176.773116][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 176.778376][ T7813] ? inet_sendmsg+0x147/0x5e0 [ 176.783025][ T7813] ? ipip_gro_receive+0x100/0x100 [ 176.788027][ T7813] sock_sendmsg+0xdd/0x130 [ 176.792429][ T7813] ___sys_sendmsg+0x3e2/0x930 [ 176.797082][ T7813] ? copy_msghdr_from_user+0x430/0x430 [ 176.802521][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 176.807447][ T7813] ? lock_downgrade+0x880/0x880 [ 176.812282][ T7813] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.818511][ T7813] ? kasan_check_read+0x11/0x20 [ 176.823370][ T7813] ? __might_fault+0x12b/0x1e0 [ 176.828106][ T7813] ? find_held_lock+0x35/0x130 [ 176.832855][ T7813] ? __might_fault+0x12b/0x1e0 [ 176.837607][ T7813] ? lock_downgrade+0x880/0x880 [ 176.842435][ T7813] ? ___might_sleep+0x163/0x280 [ 176.847282][ T7813] __sys_sendmmsg+0x1bf/0x4d0 [ 176.851960][ T7813] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 176.856993][ T7813] ? _copy_to_user+0xc9/0x120 [ 176.861648][ T7813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 176.867861][ T7813] ? put_timespec64+0xda/0x140 [ 176.872609][ T7813] ? nsecs_to_jiffies+0x30/0x30 [ 176.877446][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.882881][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 176.888323][ T7813] ? do_syscall_64+0x26/0x610 [ 176.892996][ T7813] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.899135][ T7813] ? do_syscall_64+0x26/0x610 [ 176.903806][ T7813] __x64_sys_sendmmsg+0x9d/0x100 [ 176.908722][ T7813] do_syscall_64+0x103/0x610 [ 176.913319][ T7813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.919193][ T7813] RIP: 0033:0x4582b9 [ 176.923074][ T7813] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.942684][ T7813] RSP: 002b:00007ff026165c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 176.951084][ T7813] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 176.959028][ T7813] RDX: 0000000000000331 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 176.966976][ T7813] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 176.974922][ T7813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0261666d4 [ 176.982876][ T7813] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 176.994577][ T7813] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7813 [ 177.004338][ T7788] device hsr_slave_0 entered promiscuous mode [ 177.004585][ T7813] caller is sk_mc_loop+0x1d/0x210 [ 177.015477][ T7813] CPU: 0 PID: 7813 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 177.024474][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.034502][ T7813] Call Trace: [ 177.037769][ T7813] dump_stack+0x172/0x1f0 [ 177.042092][ T7813] __this_cpu_preempt_check+0x246/0x270 [ 177.047614][ T7813] sk_mc_loop+0x1d/0x210 [ 177.051842][ T7813] ip_mc_output+0x2ef/0xf70 [ 177.056332][ T7813] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 177.061418][ T7813] ? ip_append_data.part.0+0x170/0x170 [ 177.066856][ T7813] ? ip_make_skb+0x1b1/0x2c0 [ 177.071950][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 177.076978][ T7813] ip_local_out+0xc4/0x1b0 [ 177.081375][ T7813] ip_send_skb+0x42/0xf0 [ 177.085597][ T7813] udp_send_skb.isra.0+0x6b2/0x1180 [ 177.090787][ T7813] ? xfrm_lookup_route+0x5b/0x1f0 [ 177.095807][ T7813] udp_sendmsg+0x1dfd/0x2820 [ 177.100376][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 177.105292][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 177.110307][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 177.115607][ T7813] ? __might_fault+0x12b/0x1e0 [ 177.120348][ T7813] ? find_held_lock+0x35/0x130 [ 177.125095][ T7813] ? __might_sleep+0x95/0x190 [ 177.129756][ T7813] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 177.135375][ T7813] ? aa_sk_perm+0x288/0x880 [ 177.139859][ T7813] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 177.145402][ T7813] inet_sendmsg+0x147/0x5e0 [ 177.149893][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 177.155162][ T7813] ? inet_sendmsg+0x147/0x5e0 [ 177.159837][ T7813] ? ipip_gro_receive+0x100/0x100 [ 177.164854][ T7813] sock_sendmsg+0xdd/0x130 [ 177.169453][ T7813] ___sys_sendmsg+0x3e2/0x930 [ 177.174119][ T7813] ? copy_msghdr_from_user+0x430/0x430 [ 177.179556][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 177.184470][ T7813] ? lock_downgrade+0x880/0x880 [ 177.189309][ T7813] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.195556][ T7813] ? kasan_check_read+0x11/0x20 [ 177.200397][ T7813] ? __might_fault+0x12b/0x1e0 [ 177.205137][ T7813] ? find_held_lock+0x35/0x130 [ 177.209887][ T7813] ? __might_fault+0x12b/0x1e0 [ 177.214644][ T7813] ? lock_downgrade+0x880/0x880 [ 177.219493][ T7813] ? ___might_sleep+0x163/0x280 [ 177.224322][ T7813] __sys_sendmmsg+0x1bf/0x4d0 [ 177.228990][ T7813] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 177.234022][ T7813] ? _copy_to_user+0xc9/0x120 [ 177.238693][ T7813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 177.244937][ T7813] ? put_timespec64+0xda/0x140 [ 177.249690][ T7813] ? nsecs_to_jiffies+0x30/0x30 [ 177.254528][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.259962][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.265407][ T7813] ? do_syscall_64+0x26/0x610 [ 177.270070][ T7813] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.276126][ T7813] ? do_syscall_64+0x26/0x610 [ 177.280796][ T7813] __x64_sys_sendmmsg+0x9d/0x100 [ 177.285708][ T7813] do_syscall_64+0x103/0x610 [ 177.290378][ T7813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.296250][ T7813] RIP: 0033:0x4582b9 [ 177.300122][ T7813] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 177.319785][ T7813] RSP: 002b:00007ff026165c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 177.328194][ T7813] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 177.336151][ T7813] RDX: 0000000000000331 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 177.344112][ T7813] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 177.352060][ T7813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0261666d4 [ 177.360013][ T7813] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 177.370209][ T7813] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7813 [ 177.379638][ T7813] caller is sk_mc_loop+0x1d/0x210 [ 177.384663][ T7813] CPU: 1 PID: 7813 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 177.393685][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.403734][ T7813] Call Trace: [ 177.410087][ T7813] dump_stack+0x172/0x1f0 [ 177.417633][ T7813] __this_cpu_preempt_check+0x246/0x270 [ 177.422883][ T7788] device hsr_slave_1 entered promiscuous mode [ 177.423187][ T7813] sk_mc_loop+0x1d/0x210 [ 177.433455][ T7813] ip_mc_output+0x2ef/0xf70 [ 177.437958][ T7813] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 177.443070][ T7813] ? ip_append_data.part.0+0x170/0x170 [ 177.448520][ T7813] ? ip_make_skb+0x1b1/0x2c0 [ 177.448534][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 177.448552][ T7813] ip_local_out+0xc4/0x1b0 [ 177.458126][ T7813] ip_send_skb+0x42/0xf0 [ 177.466741][ T7813] udp_send_skb.isra.0+0x6b2/0x1180 [ 177.471940][ T7813] ? xfrm_lookup_route+0x5b/0x1f0 [ 177.476976][ T7813] udp_sendmsg+0x1dfd/0x2820 [ 177.481562][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 177.486496][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 177.491501][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 177.496761][ T7813] ? __might_fault+0x12b/0x1e0 [ 177.501530][ T7813] ? find_held_lock+0x35/0x130 [ 177.506277][ T7813] ? __might_sleep+0x95/0x190 [ 177.510950][ T7813] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 177.516557][ T7813] ? aa_sk_perm+0x288/0x880 [ 177.521059][ T7813] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 177.526591][ T7813] inet_sendmsg+0x147/0x5e0 [ 177.531070][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 177.536326][ T7813] ? inet_sendmsg+0x147/0x5e0 [ 177.540976][ T7813] ? ipip_gro_receive+0x100/0x100 [ 177.545990][ T7813] sock_sendmsg+0xdd/0x130 [ 177.550393][ T7813] ___sys_sendmsg+0x3e2/0x930 [ 177.555047][ T7813] ? copy_msghdr_from_user+0x430/0x430 [ 177.560480][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 177.565392][ T7813] ? lock_downgrade+0x880/0x880 [ 177.570221][ T7813] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.576438][ T7813] ? kasan_check_read+0x11/0x20 [ 177.581266][ T7813] ? __might_fault+0x12b/0x1e0 [ 177.586014][ T7813] ? find_held_lock+0x35/0x130 [ 177.590750][ T7813] ? __might_fault+0x12b/0x1e0 [ 177.595493][ T7813] ? lock_downgrade+0x880/0x880 [ 177.600350][ T7813] ? ___might_sleep+0x163/0x280 [ 177.605186][ T7813] __sys_sendmmsg+0x1bf/0x4d0 [ 177.609839][ T7813] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 177.614843][ T7813] ? _copy_to_user+0xc9/0x120 [ 177.619503][ T7813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 177.625723][ T7813] ? put_timespec64+0xda/0x140 [ 177.630460][ T7813] ? nsecs_to_jiffies+0x30/0x30 [ 177.635301][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.640842][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.646292][ T7813] ? do_syscall_64+0x26/0x610 [ 177.650966][ T7813] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.657026][ T7813] ? do_syscall_64+0x26/0x610 [ 177.661689][ T7813] __x64_sys_sendmmsg+0x9d/0x100 [ 177.666602][ T7813] do_syscall_64+0x103/0x610 [ 177.671169][ T7813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.677042][ T7813] RIP: 0033:0x4582b9 [ 177.680924][ T7813] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 177.700503][ T7813] RSP: 002b:00007ff026165c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 177.708886][ T7813] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 177.716836][ T7813] RDX: 0000000000000331 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 177.724778][ T7813] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 177.732732][ T7813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0261666d4 [ 177.740679][ T7813] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 177.749885][ T7813] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7813 [ 177.759247][ T7813] caller is sk_mc_loop+0x1d/0x210 [ 177.764291][ T7813] CPU: 1 PID: 7813 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 177.773411][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.783438][ T7813] Call Trace: [ 177.786704][ T7813] dump_stack+0x172/0x1f0 [ 177.791017][ T7813] __this_cpu_preempt_check+0x246/0x270 [ 177.796559][ T7813] sk_mc_loop+0x1d/0x210 [ 177.800794][ T7813] ip_mc_output+0x2ef/0xf70 [ 177.805284][ T7813] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 177.810373][ T7813] ? ip_append_data.part.0+0x170/0x170 [ 177.815806][ T7813] ? ip_make_skb+0x1b1/0x2c0 [ 177.820392][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 177.825407][ T7813] ip_local_out+0xc4/0x1b0 [ 177.829800][ T7813] ip_send_skb+0x42/0xf0 [ 177.834019][ T7813] udp_send_skb.isra.0+0x6b2/0x1180 [ 177.839205][ T7813] ? xfrm_lookup_route+0x5b/0x1f0 [ 177.844207][ T7813] udp_sendmsg+0x1dfd/0x2820 [ 177.848800][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 177.853713][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 177.858730][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 177.863999][ T7813] ? __might_fault+0x12b/0x1e0 [ 177.868775][ T7813] ? find_held_lock+0x35/0x130 [ 177.873561][ T7813] ? __might_sleep+0x95/0x190 [ 177.878216][ T7813] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 177.883844][ T7813] ? aa_sk_perm+0x288/0x880 [ 177.888320][ T7813] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 177.893837][ T7813] inet_sendmsg+0x147/0x5e0 [ 177.898337][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 177.903682][ T7813] ? inet_sendmsg+0x147/0x5e0 [ 177.908334][ T7813] ? ipip_gro_receive+0x100/0x100 [ 177.913997][ T7813] sock_sendmsg+0xdd/0x130 [ 177.918401][ T7813] ___sys_sendmsg+0x3e2/0x930 [ 177.923056][ T7813] ? copy_msghdr_from_user+0x430/0x430 [ 177.928491][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 177.933401][ T7813] ? lock_downgrade+0x880/0x880 [ 177.938226][ T7813] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.944457][ T7813] ? kasan_check_read+0x11/0x20 [ 177.949285][ T7813] ? __might_fault+0x12b/0x1e0 [ 177.954023][ T7813] ? find_held_lock+0x35/0x130 [ 177.958776][ T7813] ? __might_fault+0x12b/0x1e0 [ 177.963515][ T7813] ? lock_downgrade+0x880/0x880 [ 177.968348][ T7813] ? ___might_sleep+0x163/0x280 [ 177.973176][ T7813] __sys_sendmmsg+0x1bf/0x4d0 [ 177.977828][ T7813] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 177.982832][ T7813] ? _copy_to_user+0xc9/0x120 [ 177.987507][ T7813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 177.993724][ T7813] ? put_timespec64+0xda/0x140 [ 177.998475][ T7813] ? nsecs_to_jiffies+0x30/0x30 [ 178.003395][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 178.008830][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 178.014264][ T7813] ? do_syscall_64+0x26/0x610 [ 178.018927][ T7813] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.024968][ T7813] ? do_syscall_64+0x26/0x610 [ 178.029622][ T7813] __x64_sys_sendmmsg+0x9d/0x100 [ 178.034551][ T7813] do_syscall_64+0x103/0x610 [ 178.039151][ T7813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.045031][ T7813] RIP: 0033:0x4582b9 [ 178.048912][ T7813] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.068502][ T7813] RSP: 002b:00007ff026165c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 178.076894][ T7813] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 178.084839][ T7813] RDX: 0000000000000331 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 178.092791][ T7813] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 178.100736][ T7813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0261666d4 [ 178.108685][ T7813] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 178.117498][ T7813] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7813 [ 178.126838][ T7813] caller is sk_mc_loop+0x1d/0x210 [ 178.132005][ T7813] CPU: 1 PID: 7813 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 178.141017][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.151064][ T7813] Call Trace: [ 178.154355][ T7813] dump_stack+0x172/0x1f0 [ 178.158692][ T7813] __this_cpu_preempt_check+0x246/0x270 [ 178.164239][ T7813] sk_mc_loop+0x1d/0x210 [ 178.168499][ T7813] ip_mc_output+0x2ef/0xf70 [ 178.169186][ T7788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.173002][ T7813] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 178.173020][ T7813] ? ip_append_data.part.0+0x170/0x170 [ 178.186731][ T7788] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.190135][ T7813] ? ip_make_skb+0x1b1/0x2c0 [ 178.190150][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 178.190168][ T7813] ip_local_out+0xc4/0x1b0 [ 178.190185][ T7813] ip_send_skb+0x42/0xf0 [ 178.215059][ T7813] udp_send_skb.isra.0+0x6b2/0x1180 [ 178.218460][ T7788] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.220255][ T7813] ? xfrm_lookup_route+0x5b/0x1f0 [ 178.220277][ T7813] udp_sendmsg+0x1dfd/0x2820 [ 178.236969][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 178.239473][ T7788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.241914][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 178.241933][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 178.253666][ T7813] ? __might_fault+0x12b/0x1e0 [ 178.253696][ T7813] ? find_held_lock+0x35/0x130 [ 178.253727][ T7813] ? __might_sleep+0x95/0x190 [ 178.273143][ T7813] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 178.278770][ T7813] ? aa_sk_perm+0x288/0x880 [ 178.278792][ T7813] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 178.278810][ T7813] inet_sendmsg+0x147/0x5e0 [ 178.288813][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 178.288824][ T7813] ? inet_sendmsg+0x147/0x5e0 [ 178.288837][ T7813] ? ipip_gro_receive+0x100/0x100 [ 178.288859][ T7813] sock_sendmsg+0xdd/0x130 [ 178.312671][ T7813] ___sys_sendmsg+0x3e2/0x930 [ 178.317353][ T7813] ? copy_msghdr_from_user+0x430/0x430 [ 178.322816][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 178.327758][ T7813] ? lock_downgrade+0x880/0x880 [ 178.332608][ T7813] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 178.338860][ T7813] ? kasan_check_read+0x11/0x20 [ 178.343720][ T7813] ? __might_fault+0x12b/0x1e0 [ 178.348482][ T7813] ? find_held_lock+0x35/0x130 [ 178.353242][ T7813] ? __might_fault+0x12b/0x1e0 [ 178.358014][ T7813] ? lock_downgrade+0x880/0x880 [ 178.362871][ T7813] ? ___might_sleep+0x163/0x280 [ 178.362888][ T7813] __sys_sendmmsg+0x1bf/0x4d0 [ 178.372380][ T7813] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 178.372405][ T7813] ? _copy_to_user+0xc9/0x120 [ 178.372423][ T7813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 178.388297][ T7813] ? put_timespec64+0xda/0x140 [ 178.393060][ T7813] ? nsecs_to_jiffies+0x30/0x30 [ 178.397934][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 178.403388][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 178.408822][ T7813] ? do_syscall_64+0x26/0x610 [ 178.413498][ T7813] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.419540][ T7813] ? do_syscall_64+0x26/0x610 [ 178.424207][ T7813] __x64_sys_sendmmsg+0x9d/0x100 [ 178.429131][ T7813] do_syscall_64+0x103/0x610 [ 178.433696][ T7813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.439558][ T7813] RIP: 0033:0x4582b9 [ 178.443440][ T7813] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.463018][ T7813] RSP: 002b:00007ff026165c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 178.471403][ T7813] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 178.479351][ T7813] RDX: 0000000000000331 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 178.487295][ T7813] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 178.495252][ T7813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0261666d4 [ 178.503206][ T7813] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 178.513497][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.515499][ T7813] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7813 [ 178.521988][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.522450][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.523090][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.524627][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.525259][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.525730][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.534689][ T7813] caller is sk_mc_loop+0x1d/0x210 [ 178.534705][ T7813] CPU: 0 PID: 7813 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 178.534711][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.534716][ T7813] Call Trace: [ 178.534733][ T7813] dump_stack+0x172/0x1f0 [ 178.534754][ T7813] __this_cpu_preempt_check+0x246/0x270 [ 178.534768][ T7813] sk_mc_loop+0x1d/0x210 [ 178.534782][ T7813] ip_mc_output+0x2ef/0xf70 [ 178.534800][ T7813] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 178.543464][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.550382][ T7813] ? ip_append_data.part.0+0x170/0x170 [ 178.550395][ T7813] ? ip_make_skb+0x1b1/0x2c0 [ 178.550409][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 178.550426][ T7813] ip_local_out+0xc4/0x1b0 [ 178.558802][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.566074][ T7813] ip_send_skb+0x42/0xf0 [ 178.574309][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.581658][ T7813] udp_send_skb.isra.0+0x6b2/0x1180 [ 178.581674][ T7813] ? xfrm_lookup_route+0x5b/0x1f0 [ 178.581694][ T7813] udp_sendmsg+0x1dfd/0x2820 [ 178.581712][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 178.587327][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.595726][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 178.595746][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 178.595758][ T7813] ? __might_fault+0x12b/0x1e0 [ 178.595774][ T7813] ? find_held_lock+0x35/0x130 [ 178.606308][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.609098][ T7813] ? __might_sleep+0x95/0x190 [ 178.609115][ T7813] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 178.609128][ T7813] ? aa_sk_perm+0x288/0x880 [ 178.609148][ T7813] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 178.609164][ T7813] inet_sendmsg+0x147/0x5e0 [ 178.609175][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 178.609185][ T7813] ? inet_sendmsg+0x147/0x5e0 [ 178.609196][ T7813] ? ipip_gro_receive+0x100/0x100 [ 178.609211][ T7813] sock_sendmsg+0xdd/0x130 [ 178.609227][ T7813] ___sys_sendmsg+0x3e2/0x930 [ 178.609244][ T7813] ? copy_msghdr_from_user+0x430/0x430 [ 178.609276][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 178.609289][ T7813] ? lock_downgrade+0x880/0x880 [ 178.609303][ T7813] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 178.609322][ T7813] ? kasan_check_read+0x11/0x20 [ 178.609347][ T7813] ? __might_fault+0x12b/0x1e0 [ 178.609361][ T7813] ? find_held_lock+0x35/0x130 [ 178.609380][ T7813] ? __might_fault+0x12b/0x1e0 [ 178.614146][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.619212][ T7813] ? lock_downgrade+0x880/0x880 [ 178.619234][ T7813] ? ___might_sleep+0x163/0x280 [ 178.619248][ T7813] __sys_sendmmsg+0x1bf/0x4d0 [ 178.619265][ T7813] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 178.623933][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.627990][ T7813] ? _copy_to_user+0xc9/0x120 [ 178.633665][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.640766][ T7813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 178.640781][ T7813] ? put_timespec64+0xda/0x140 [ 178.640798][ T7813] ? nsecs_to_jiffies+0x30/0x30 [ 178.646239][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.650803][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 178.650815][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 178.650850][ T7813] ? do_syscall_64+0x26/0x610 [ 178.658692][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.660252][ T7813] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.668900][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.672268][ T7813] ? do_syscall_64+0x26/0x610 [ 178.680267][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.685132][ T7813] __x64_sys_sendmmsg+0x9d/0x100 [ 178.690188][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.694701][ T7813] do_syscall_64+0x103/0x610 [ 178.700795][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.706779][ T7813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.712632][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.717036][ T7813] RIP: 0033:0x4582b9 [ 178.729231][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.733683][ T7813] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.744510][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.748420][ T7813] RSP: 002b:00007ff026165c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 178.748433][ T7813] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 178.748442][ T7813] RDX: 0000000000000331 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 178.748450][ T7813] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 178.748458][ T7813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0261666d4 [ 178.748466][ T7813] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 178.761423][ T7813] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7813 [ 178.770969][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.773687][ T7813] caller is sk_mc_loop+0x1d/0x210 [ 178.782310][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.782777][ T7813] CPU: 0 PID: 7813 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19 [ 178.809907][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.813760][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.830368][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.831272][ T7813] Call Trace: [ 178.846575][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.850719][ T7813] dump_stack+0x172/0x1f0 [ 178.850742][ T7813] __this_cpu_preempt_check+0x246/0x270 [ 178.850758][ T7813] sk_mc_loop+0x1d/0x210 [ 178.850772][ T7813] ip_mc_output+0x2ef/0xf70 [ 178.850790][ T7813] ? __ip_queue_xmit+0x1bf0/0x1bf0 [ 178.863823][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.870394][ T7813] ? ip_append_data.part.0+0x170/0x170 [ 178.870407][ T7813] ? ip_make_skb+0x1b1/0x2c0 [ 178.870421][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 178.870439][ T7813] ip_local_out+0xc4/0x1b0 [ 178.870453][ T7813] ip_send_skb+0x42/0xf0 [ 178.870470][ T7813] udp_send_skb.isra.0+0x6b2/0x1180 [ 179.201989][ T7813] ? xfrm_lookup_route+0x5b/0x1f0 [ 179.207004][ T7813] udp_sendmsg+0x1dfd/0x2820 [ 179.211576][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 179.216499][ T7813] ? ip_reply_glue_bits+0xc0/0xc0 [ 179.221511][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 179.226771][ T7813] ? __might_fault+0x12b/0x1e0 [ 179.231510][ T7813] ? find_held_lock+0x35/0x130 [ 179.236266][ T7813] ? __might_sleep+0x95/0x190 [ 179.240926][ T7813] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 179.246537][ T7813] ? aa_sk_perm+0x288/0x880 [ 179.251022][ T7813] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 179.256553][ T7813] inet_sendmsg+0x147/0x5e0 [ 179.261042][ T7813] ? udp4_lib_lookup_skb+0x440/0x440 [ 179.266318][ T7813] ? inet_sendmsg+0x147/0x5e0 [ 179.270974][ T7813] ? ipip_gro_receive+0x100/0x100 [ 179.275977][ T7813] sock_sendmsg+0xdd/0x130 [ 179.280382][ T7813] ___sys_sendmsg+0x3e2/0x930 [ 179.285045][ T7813] ? copy_msghdr_from_user+0x430/0x430 [ 179.290594][ T7813] ? __lock_acquire+0x548/0x3fb0 [ 179.295511][ T7813] ? lock_downgrade+0x880/0x880 [ 179.300340][ T7813] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 179.306559][ T7813] ? kasan_check_read+0x11/0x20 [ 179.311387][ T7813] ? __might_fault+0x12b/0x1e0 [ 179.316126][ T7813] ? find_held_lock+0x35/0x130 [ 179.320867][ T7813] ? __might_fault+0x12b/0x1e0 [ 179.325634][ T7813] ? lock_downgrade+0x880/0x880 [ 179.330578][ T7813] ? ___might_sleep+0x163/0x280 [ 179.335407][ T7813] __sys_sendmmsg+0x1bf/0x4d0 [ 179.340084][ T7813] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 179.345095][ T7813] ? _copy_to_user+0xc9/0x120 [ 179.349753][ T7813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.355970][ T7813] ? put_timespec64+0xda/0x140 [ 179.360731][ T7813] ? nsecs_to_jiffies+0x30/0x30 [ 179.365566][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.371003][ T7813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.376445][ T7813] ? do_syscall_64+0x26/0x610 [ 179.381115][ T7813] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.387158][ T7813] ? do_syscall_64+0x26/0x610 [ 179.391815][ T7813] __x64_sys_sendmmsg+0x9d/0x100 [ 179.396743][ T7813] do_syscall_64+0x103/0x610 [ 179.401331][ T7813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.407209][ T7813] RIP: 0033:0x4582b9 [ 179.411083][ T7813] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.430667][ T7813] RSP: 002b:00007ff026165c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 179.439056][ T7813] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 179.447006][ T7813] RDX: 0000000000000331 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 179.454964][ T7813] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 179.462917][ T7813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0261666d4 [ 179.470867][ T7813] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 179.527638][ T7786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.563639][ T7786] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.593901][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.602672][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 06:47:58 executing program 1: 06:47:58 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0xb) r1 = dup2(r0, r0) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b6aafd95721f0d006f76aa0d8c923460b593a4c06b8ba456643d31a5e141d841185ef000346ff659e9"], 0x1}}, 0x44801) sendmsg$FOU_CMD_DEL(r1, &(0x7f00000002c0)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={0x0}}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000680)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe}) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000800)=ANY=[@ANYBLOB]) mincore(&(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f00000006c0)=""/67) openat$sequencer(0xffffffffffffff9c, 0x0, 0x20040, 0x0) 06:47:58 executing program 3: prlimit64(0x0, 0x9, &(0x7f0000000040), 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x6) [ 179.637982][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.652511][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.662156][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.669249][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.716489][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.744322][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.753546][ C1] hrtimer: interrupt took 34453 ns [ 179.766340][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.773430][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.789929][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.798930][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.807471][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.816476][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.830844][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.842694][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.860789][ T7786] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 179.875382][ T7786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 179.894691][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.906006][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.921738][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.943356][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.953837][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.965677][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.975921][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 06:47:59 executing program 4: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000100)=0x21d, 0x2cb) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) sendto$inet(r1, &(0x7f0000000200)="96", 0x1, 0x0, 0x0, 0x0) recvfrom(r1, 0x0, 0x0, 0x2000, 0x0, 0x0) sendmsg$IPVS_CMD_SET_DEST(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0) 06:47:59 executing program 5: 06:47:59 executing program 2: 06:47:59 executing program 1: 06:47:59 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000140), 0x12) 06:47:59 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0xb) r1 = dup2(r0, r0) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b6aafd95721f0d006f76aa0d8c923460b593a4c06b8ba456643d31a5e141d841185ef000346ff659e9"], 0x1}}, 0x44801) sendmsg$FOU_CMD_DEL(r1, &(0x7f00000002c0)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={0x0}}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000680)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe}) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000800)=ANY=[@ANYBLOB]) mincore(&(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f00000006c0)=""/67) openat$sequencer(0xffffffffffffff9c, 0x0, 0x20040, 0x0) [ 180.013117][ T7786] 8021q: adding VLAN 0 to HW filter on device batadv0 06:47:59 executing program 1: syz_execute_func(&(0x7f00000003c0)="410f01f964ff090f01d941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dccc4a180c6d100") r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) r2 = dup3(r1, r0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000788ffc)=0x100000001, 0x55cf) sendto$inet(r1, &(0x7f0000000300)="e695d7fd4428d67b8690c2809788d0d23de6ca8507f6dbda1a026d4cf74251dd5957592035f1d9310d12561f8368b816326835c4f4fc291e27a69cf4118ff3fdcc8d00d402c20870dec639ef07b451581c84f08d35ac0bcd7b6e851c68b0be42e8035c03309c445bb36d15d5a9f11623563de0516003163aa2ab2c8106218b30d5a82afc81a83162a2356102205743ccdaee72e43c723f4aa07f66e45b4e834eb97fd8bcdb10edaa2dbb4e51f6b5ce32f8f1ef51476ffddc43b26cb723f9c62c45fea8e99b554a7c97edeedf1a0ef50079d6e6f18536931b9182b0b6248bc24b2491701015e71ec414e2ddc0bc226344e06cc0d386e9706661fc22574b4f295f07337bd2af8df4450c7325298de6bbbb660f6847d12a4070a5fc472a499bf82da42302bfcbc33ad4be47d21e1bd0ee7758f0cb859ba3c16c138fbe3d978bcc253ec3a0e14d45378c12d260cfdb955d6d7122ec4b03ea53c9bd5aed7ed32cbcea8063706aa391daf5e7a5a1e095309b9e65c8418f4ebfbda48d137baf185c75579457ca2bec93725813c88135d9d35708ed4aeea4d563fd2eb910b2b35a91182ff9a807a83642471822593e14eb1b36b1b3402d3d7f94749270155431e9fe7481aea2013b6816ae1ad4b95c7a7eea6e57c68d9ca3e83c5c5f1e8e2f79135f1c61479cefb3b968a8614606a8e3dfecc29a977b152139aeb2804486f6c6273e467e7b824bfac50fc38025ce36713821f9231963ee5ffcf077b8dbe200cfc3bf9c23a4cdb51644f315c1be4f961ccff54e9bfc7804fee9c6cc042380bfd4959394cc1cce0590705c23d9e40fa1b3c7d67672a852da477ea8de486b77d505105ec9430349203174d965da5a7fda8407a4fff9d14be977607e6cf5f854f19923e70df4f6bfe8768028f0cbb6e333ff17d173a7bfc91bbf2715b199feb0bc92c4ccd12496ee1ef066ded3dbf5f3ffb968ace935b4ea363d544210c286a776a7c4aa5d1fb410435ddac4ef28ff86ebfe230022cbbf8ff3613f7f5050c5013b629c091b4400f18a1e4c1a9eff95809150d0572bf64fb9802c25f9b249e0aceb0431623a7b197037f1322758df3c93d7ed7cf5703e706bd4936ac3eb06329286596bfe4d3e21c24c8ab4466c0ea6cac11addb8bf16f98abf3b4dd70fa7446e06bba89240732c6d881ae5078be1e600407cf7f9d77438dda28c7ae1c385d50667ec03f1357da5232489d572eeebbc91a063ebcb1930536c90f15bb5490bd6a2aa241f00d1a41dd40ab53b9b532b3ccb720c69115e66e5c144841a4295035b7421ca8ae4f6b16b60ab68045fa1c46c5e809828213a4347823921dbbaa79136e272d3e624966a992454d9cf2f38f76728880cd86049c3e7f59f921c98687c3b7b35045b9957b6228abae0f5b1d7641947361436f412098eee955f814949580f4733ebe1e987259f5762b76e6d11d5a31fc1d61f6814eebb47adb785a7bac9f591c4c1ebf1771fe171a63ca918ddbfbf8f0d0444d95614ccbd6535c611a58b9cd543d57af91907b2e93d78a3f63855aeec52e5a76a2cd8ee428ec2c89887cf67dcc767ba3d7853f683d8679b3d61e8540b78a00dfc144ee19383217a4c2bc9cebc61642387eebdfe0882d4e57176075b6dbe7a1a6e9bcd1c21d2f37b079f77abfc9f08a0fddd7b35eb52b5e13e1b7913fc28e8a000569f0345a72a11e3a70d3b426390f7f1643d8c67b4aefb4094021111667977e51e68b6829cb5583c25314c58c1acf3e6553f82d06c20ba0d631f606e7a4dd5ce4116803e49e1f5a64bd514d6dafae00718a8f7acdffb3d54253e4c0f009b97cb1f3b10d695b7f97e2f987c1ac686817d87c8feffa5887b75d0b950e18fe8c10ebc36aed4d3e6bcfa68a3c0fbf2a90e5f1d560656dbb24f65103a0b2d26142ca6f069c132156372563f190299f08448e1e646482533c1ea2177c4623fc9445d2b7ce8becb17422b8743947bdb65e39e5b3b35102e1e3867e75ad29390d63e1ce29ee848bd43d0abf419ba766128670c5ae1c83aa53bb7fa06e98577eb78970177711659d777cd96a4c4f17f7be82bd9d57efcc228cf7c9d00cf639fdca54f5b1022b7a91c591063454c6ba4bb35867a48893b3cc038d750ac6762fcbe652bbe524c3b01c75487625011be9382380531cc7fac762ca74e40976bb834956e021c1b4a5f2b31cebab6e5e55b20bee2e6c02e36b86064af64e7327697c105269fe6ca406fbe9e91c121e4f20b3585e5eb8118c5dec168b5c897935e82eaf60f289e2169ab459bb65dfb98be20813f1808fdb3cb90c124ea83d0832be338c37010ed5dd0a18df6dcb969a5eb6c552700b535d44a5d5a6507c05b0846032388e0a9bcf47008f37663e5490d72f6a8d765503836ea50d18636e7c7e34ac7a7c946cfd13833d00ac968044f82d650613f5332d479cb689a", 0x6c1, 0x0, 0x0, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f0000000280)={&(0x7f0000000040), 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x2404c011) 06:47:59 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x200, 0x0, 0x0, 0x0, 0x0) symlink(&(0x7f0000000400)='./file1\x00', &(0x7f0000000440)='./file1\x00') mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000100)='./file1\x00', 0x0, 0x0) write$P9_RGETATTR(r1, 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) 06:47:59 executing program 2: ioctl$RNDCLEARPOOL(0xffffffffffffffff, 0x5206, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x2000000008}, 0x1c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e1f, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000027, 0x0) 06:47:59 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x2000000008}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000027, 0x0) 06:47:59 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0xb) r1 = dup2(r0, r0) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b6aafd95721f0d006f76aa0d8c923460b593a4c06b8ba456643d31a5e141d841185ef000346ff659e9"], 0x1}}, 0x44801) sendmsg$FOU_CMD_DEL(r1, &(0x7f00000002c0)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={0x0}}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000680)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe}) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000800)=ANY=[@ANYBLOB]) mincore(&(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f00000006c0)=""/67) openat$sequencer(0xffffffffffffff9c, 0x0, 0x20040, 0x0) 06:47:59 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x5) write$binfmt_misc(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="5300000044a6aeabec2e15fc1772f184bc1b3f0000ff034017db20000000003b08d450ffffb3560000080000ab31c357e3972f415ff5d288b9ce837c597e9ce542003606024079025f759e9f5d54076bb40000f3c6bd4400"], 0x58) 06:47:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000140), 0x12) 06:47:59 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000140)=0x6, 0x12) 06:47:59 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x2000000008}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000027, 0x0) 06:47:59 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioperm(0x0, 0x9d8d, 0xffffffff) 06:47:59 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246) 06:47:59 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000400)) 06:47:59 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0xb) r1 = dup2(r0, r0) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b6aafd95721f0d006f76aa0d8c923460b593a4c06b8ba456643d31a5e141d841185ef000346ff659e9"], 0x1}}, 0x44801) sendmsg$FOU_CMD_DEL(r1, &(0x7f00000002c0)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={0x0}}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000680)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe}) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000800)=ANY=[@ANYBLOB]) mincore(&(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f00000006c0)=""/67) openat$sequencer(0xffffffffffffff9c, 0x0, 0x20040, 0x0) 06:47:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000140), 0x12) 06:47:59 executing program 2: keyctl$join(0x1, &(0x7f00000005c0)) 06:47:59 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246) 06:47:59 executing program 0: r0 = socket$inet6(0xa, 0x5, 0x0) shutdown(r0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x2000001000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000200)={@broadcast, @remote, 0x0, 0x7, [@loopback, @dev={0xac, 0x14, 0x14, 0x1c}, @multicast2, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, @remote]}, 0x2c) getsockopt$sock_buf(r1, 0x1, 0x1f, &(0x7f0000000180)=""/106, &(0x7f00000000c0)=0x6a) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x2) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000140)=[@in={0x2, 0x4e23, @loopback=0xac1414e0}]}, &(0x7f0000000080)=0x10) 06:47:59 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000400)) 06:47:59 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x2000000008}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000027, 0x0) 06:48:00 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000080)={0x1}, 0x8) sendto$inet6(r1, 0x0, 0x1fb, 0x24000000, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) 06:48:00 executing program 2: socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) write$cgroup_int(r1, &(0x7f0000000980), 0xffffff4d) sendmsg$kcm(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f00000009c0)="26330a8bf5189fc5bb9779ff4d7bc49267f6a34129572c05807ead334cef26a4af866911da692ba5efc938d6457d6b6d49cb10e80ff4bd339a800f492b1d22c919b04aede7e1e4128775cd479e8a8bd59f6166697a123de4324d0a6cdd5d43b9d1ba4b14ab401fccf1723373b72518cf8167b1655e0ed9b503679dd21d818015fc31e8e4605b7c0fa0b8b55db1de43bc6430a6c466f0d180b1978c07d5836ae615c3197c751b3477e64d289e105beae1ed56098b995732620317ba8d0d7812c6ac1caa0f796d6eb6721f53ce013441fa15b59ebbc0cac43196ecff36b58adcfc9b4ce256ab7848baadfa55231a1a4acff1bb21e2d47c5a7b3bff0d2843bdff9773a31b981010626b88c9461d5f55ab29b06e942225de39560951ccf25ca49e5bbb36b9ea62a8ac0a0f46b2e8378dcba860bdcf7c870be7ddad574404b636942a3f9c3b7dc6986b8c7398a81340ff17f449b3dad0f9274d4c263710630fdd33bec1e2017e528bab835999c25a88d751118c4a592ab77f41bfe55f4a0b5b88ba4f3f078e41b4e173cbe4cdbcce0d0a714099e2594f7bf19c936da3072e5614c5da49b40388517ab7ba1b3cc34a4fc713382cc48b81b6cbdf1519b0b31d024061be1ed049cf6119ae689ce37b9d89b4dc8802b5cc5add8a95feb88c6c402f301fa6a2263bbdaafb647d0c81202e77b5ed8b196cb3003d3315ed5643e896191ab444955785919169a848971914f99f144203e9f229a84a2ee9ab5a8242a416ce3055ef10562cb7b4af2b4a4bc1479714abaacfc8873601f2186e6615fd0cc55e2c1712e721fb47dbd45be75df1b19e97b76753a24fa9cb2e4ac0988cddd03f8f963e27543fcfe999ed09e39f365ddfd3709ab464242bd67e902c0206cd0e49af7b0198f65c3394e32430891e369089c7f5031a50f09d3571150e4cf416e8ec2fd48af0e3d04030600324093aeaa5b8e2e9643cb01e7e9a8e5ee90825a8a0a79281e5f378d937c1d597d0884c236b421b0fe325d035a8de3acfb1d03ab5991f09cad8baeb992cb6599a36b76ee91d1e72ed84d749eba1ae7c7c16149888f6b2e19c024f32e9291b71aafb3b7fe2f9f104fca29b9ee21ee9c3cbab5f51a62171b1daee1f9301a216b9e55bcbae5044d957c9450b8dcb16f67ce54618498177d2731046f6b21e33ae4aacc568bb381827102d1dd233caf678a157105af485356e9e2f2b0a6e3a5fb92d9ad389dea93c25eab847adbc7665ae22eff65aaf9192027d2f2bd06e4f86d48388a073b4ef049c1557dbbe6773e33e7bc0d287ce22edc61ef1359f56ceb635a0fe89a6f40856e804231e3ecbb4c9687ead295b199efa82eba1ab473d2f70094612b883ca803177f9a30d304da290b602957d30d3587ef4fc6b4febb311ea895206b47f8c09c2a4904a63bb133a151e53ed07d9be9c4032e34d3639dad13d1b65379752d7e2d8bdc61ac8c7dab49ff4fa86c4abef9ce53952c21b72e56e4338972c688edbef2fd64d3adda4ecedde2dabb89de738ee8075f9fd6b6b464b76125bf9f1c83978f82cbffe2ab3aab25b66c338030951515132dc55c27458c55b5f20eaee296fee2549b1a1181d3317858ea3d9f556cc83bf0a553fa75703e92e195e4e39411cf728a7ae28fff358a45178ecf2eeb570c1b562c92c6ac2e063babf13d7a72f797fc1857e8545d7eeff99e58061961583c547e67e424b727d9a9e63558790c992777dcef38556106c6905ee9a7314bf50d9c9e0f2fb3b048c803773db331e9b6663e146e90086a0db50465b9f6052a89675f5f2791a3b478b546b752177f642c46355221c4889e757586ccc7a4f3fbdfa778a6a3fab0e40a01276758ccb0e10cf5bde004936e7eba88d4c7e0749fca344740e39a026f4c93e18a438c7e26f0bd1550df3627dd4b457e7f9f38e710e8a502f2bd9c9c14d5d9cd3cecc11bf7482eb4a42552f7ef1615776ae1f2bcc4940cf9060d724a0c1ac1fd62d3e73ffa4a4a7105c16d49b4a35231ae0aaffa56783c393ca9bb8f41fb1118b539c25b25baaed88e8c590e7ff9d8cd7db5c1623319cb5afed5fb4aa90b4114eb8c77f53ea75bec0ea319ec5f008e9e349c1524ce1405b257afbfd1e56c460f23d89773ae6c9ae5575df38ceb9a37770bfb334adbbecbe542a00371f9fdc6e9286e75a280647b0ed5dfa16975906fc55bce9224bd310e1bee640c3c890c716c762b2de33d2093d2bef840e4cdc5be330c9790a09fbe1684e4fdb6b99219afc92179e85bbc889ac07199f8304e208035336f725cfbb2ea81188f14099b6af8594035e2a26c4e56d29edf1f4928928113cc8c952d56b631fd18495184af0d6cf9aaf454b935b242ffe66ad110244ad9afd03d9f710e7dc92278555143f079180992d3ba4f16da0fcbbc0899ae2a8c9646df116d429bcadfc3fbbc41b525c5762e836fc46044ca08adaf89f00ccc8c3cb97dd5ca174a9b6f87ecb4071451cf3f117fca7108c8efe3883cc2824fd12ae69b16b2a7b66f0568a64b83e0ba2919a06312fd28adbdd346b7fd9a8857df68edb08770748f03e8a0cf8d3db3d6109d7a19ab91270b31566885f8cdac619d8fc301cb5fd26f3f223e3070ce27f4a5168db1ba4a4ac28a462454a9438dbf139fdeb43eeb6fed7645ffea2f992b9be4b6e5c6ec9586f1c128091fd33a439ca800d08f1607dad69e4be5df7942c9d02d3293a87b1549461e53abefdd1cdcbff3698631b19b78e4836a0993e3707d406cb82c63e36cabb661cb832a01ae7d2e9f35e78798cbcadb27bbdd027958a4be83f449d323903d648aba8f73e95eb430cb3b3ce110761c990441c31eab11c3fc278e79af9d5505b451850c755949fdbbb7b400ed1c2fc4c770f5191021f851d43ae243abc4e91ddd710dedf732a48250a3f1e71e28e45f6bc7892e359df8d53153108dd94d0f65a3366fd4af62971a02d6af2baea5c0b5e52f4708c025b8af81dde38ef6ea52c380cbca17958e644b039eec8d89bced952671562b66f4acb577acda78f722a48df051e154c5b9c0f2913c448c41958eba4432df33f783ef76cca9197d46ba43eb0807322ea4d7ca279795db75a0300bc5e90424e880dd93d67ed9a332b7bb99f7257d2e3a7b2ddbb0bb70ecfd6fc365c997795c4c9ba915b80899879f27bd8b6e27198e8e6be188a1cd410518165fb8cd841accb797cd4ad3633e3824e7d5653f524b5741b9898c31f836f13e59dd3cc614222ab784caaa9dee24dfbd93b0d66edb9180b0d528bba67c50c13912cd323ba99840c1d9b38459b8161a206a8dfd44a435d026ddcf8df5a1bd9fc9fbaf0716b04ea5f7b15379ab7bd215c0ab7926c97ec502cf4592b7f870bcc47ea5b982193286347053197f2e642d3f5fa086e59b42f9c81e28f18d0484e09a9b0077973391d8f2b0d1f37d97133ea66e37d2bc89fb9a9b653cc52051145c6c2b38a68cb32a3a4562af72ffbedcae239d2ffa8ade503f287981d46b42ea0ea86771931b876d7b6d185a144977957256a3d9f55a579acf827c1fd5fca250097a16b52f98620c730f6e07aeab68ceffd4bd933ba90edbe7c6ac94b4a9fad6ccc479e6734e59c2cc44eb2529f6dc9ea0635511b678e337efb544b92337d92d241c57566f8bb186877e833a2dcd7a2a70aaa45cb2fa96c66417c4bb2867b524e3530b30e0aa8658f5f8eed1ff937a1d30273f6740a4cb78455b1b410b4135632fd2f2dccb3dee3a73ee22f13de48c23630070439ec76f8a30643ba2f7abdfd266045d7884e64162cc280dbc11d6be57a56e63d80fdd4a69f1ad9213790d807db26a4503f888a1b932a36b8ae564b22f07db63059b7a1d7ee441daf103bdf34dc92bbd5a1d8fa14fa65a8f7e3e89e2ffc487af8a16111bd95ec022d22b06eaa3e9fe983958afae8a69f379f00f5cc94b7976c0c1091aa0793e91b435c1d642feaa6584fd9ef1820300c0478a288b18d47a0f7c25806a73d6e106c01900daa24d7b9dc3287770106c842c40fdceeb4072b4b33414e1dda2cb0515ea64b2cf8acb3f88b0f415808eb1831bbf81f5fbcaf35d183ad0a61ffcd1a047a2685e218bb11e6e710c9416c8fd930cdfd5eb993f6a32ed76b3b32a198fbb34b34bbcd460dce49c133d75ca60f7cb024def375153f5fc967edb75d98a8732f2f5cd3a17787bf77f5a02ef169d890ff96ef59d147962837305ce3ab20776bc01e8fe32ddd57ef386811c97b4aca3b364a4f4703222208d18dc343fb8d2ab07c48380fb331ed38a5f88171159b2e4dc0fa2164fc22a194a48366af5e2ab4925df203f20506115b794bf675dbc44dabea131272570b2e11247957f886d41b12b8a521bf56b75178ce1711f4107d7ef43f950d452787014a42f77b882df1adfeef04c16fa714b59eccb7863bd43da15da632d99101b9e8a9ffd1bec9d146c66782fa0642bf0c297c7c6febe2f0fd2c9268b6cdc6f3ac03c2463803785875ea8a2e7c6031dc4b663769a43d63f64b0a10e4e6ed119270ed17788f8d6381c80c51f9fcd6646fc764748f7d75f75fc22807021c4e560b434a89336d6aab7aa8ed2e42b3a6a46d287a945865fc10c18ec8b54df0316e2cef1487f63ca1fd3f73eed17ef07ac9050048824da91511a811baed315709557b99ac431fe3787f46bb3b4927e231b23d03fec839f5c2ef3979bedec815a05a3d27f78f12aaa4ae16b2b292c999244e528ce7c1ccfa1a2ff29bce81bbaf880a5d86b39af2c6b97305ce136bf76cb7beb4d1c5a133c68d068215974d368f04b63b3ccb4c0ad8", 0xd41}], 0x1, 0x0, 0x0, 0x4}, 0x0) recvmsg$kcm(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x3f00) [ 180.763026][ T7923] check_preemption_disabled: 885 callbacks suppressed [ 180.763039][ T7923] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7923 [ 180.779466][ T7923] caller is ip6_finish_output+0x335/0xdc0 [ 180.785191][ T7923] CPU: 0 PID: 7923 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 180.794216][ T7923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.804258][ T7923] Call Trace: [ 180.807535][ T7923] dump_stack+0x172/0x1f0 [ 180.811894][ T7923] __this_cpu_preempt_check+0x246/0x270 [ 180.817454][ T7923] ip6_finish_output+0x335/0xdc0 [ 180.822383][ T7923] ip6_output+0x235/0x7f0 [ 180.826702][ T7923] ? ip6_finish_output+0xdc0/0xdc0 [ 180.831805][ T7923] ? ip6_fragment+0x3980/0x3980 [ 180.836658][ T7923] ? ip_reply_glue_bits+0xc0/0xc0 [ 180.841679][ T7923] ip6_local_out+0xc4/0x1b0 [ 180.846173][ T7923] ip6_send_skb+0xbb/0x350 [ 180.850587][ T7923] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 180.856045][ T7923] udpv6_sendmsg+0x21e3/0x28d0 [ 180.860807][ T7923] ? ip_reply_glue_bits+0xc0/0xc0 [ 180.865824][ T7923] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 180.871797][ T7923] ? aa_profile_af_perm+0x320/0x320 [ 180.876983][ T7923] ? __might_fault+0x12b/0x1e0 [ 180.881730][ T7923] ? find_held_lock+0x35/0x130 [ 180.886481][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.892792][ T7923] ? rw_copy_check_uvector+0x2a6/0x330 [ 180.898278][ T7923] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 180.904061][ T7923] inet_sendmsg+0x147/0x5e0 [ 180.908545][ T7923] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 180.914502][ T7923] ? inet_sendmsg+0x147/0x5e0 [ 180.919164][ T7923] ? ipip_gro_receive+0x100/0x100 [ 180.924195][ T7923] sock_sendmsg+0xdd/0x130 [ 180.928599][ T7923] ___sys_sendmsg+0x3e2/0x930 [ 180.933263][ T7923] ? copy_msghdr_from_user+0x430/0x430 [ 180.938713][ T7923] ? lock_downgrade+0x880/0x880 [ 180.943558][ T7923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 180.949882][ T7923] ? kasan_check_read+0x11/0x20 [ 180.954732][ T7923] ? __fget+0x381/0x550 [ 180.958886][ T7923] ? ksys_dup3+0x3e0/0x3e0 [ 180.963292][ T7923] ? perf_trace_run_bpf_submit+0x138/0x190 [ 180.969100][ T7923] ? __fget_light+0x1a9/0x230 [ 180.973765][ T7923] ? __fdget+0x1b/0x20 [ 180.977816][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.984038][ T7923] ? sockfd_lookup_light+0xcb/0x180 [ 180.989399][ T7923] __sys_sendmmsg+0x1bf/0x4d0 [ 180.994074][ T7923] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 180.999117][ T7923] ? _copy_to_user+0xc9/0x120 [ 181.003784][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.010022][ T7923] ? put_timespec64+0xda/0x140 [ 181.014771][ T7923] ? nsecs_to_jiffies+0x30/0x30 [ 181.019616][ T7923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.025067][ T7923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.030506][ T7923] ? do_syscall_64+0x26/0x610 [ 181.035180][ T7923] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.041238][ T7923] ? do_syscall_64+0x26/0x610 [ 181.045914][ T7923] __x64_sys_sendmmsg+0x9d/0x100 [ 181.050840][ T7923] do_syscall_64+0x103/0x610 [ 181.055425][ T7923] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.061299][ T7923] RIP: 0033:0x4582b9 [ 181.065193][ T7923] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 181.085279][ T7923] RSP: 002b:00007f507e452c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 181.093673][ T7923] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 181.101739][ T7923] RDX: 0400000000000027 RSI: 00000000200002c0 RDI: 0000000000000004 [ 181.109696][ T7923] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 181.117654][ T7923] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f507e4536d4 [ 181.125609][ T7923] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 181.143571][ T7926] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7926 [ 181.153145][ T7926] caller is ip6_finish_output+0x335/0xdc0 [ 181.158952][ T7926] CPU: 0 PID: 7926 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 181.167967][ T7926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.178029][ T7926] Call Trace: [ 181.181322][ T7926] dump_stack+0x172/0x1f0 [ 181.185660][ T7926] __this_cpu_preempt_check+0x246/0x270 [ 181.191215][ T7926] ip6_finish_output+0x335/0xdc0 [ 181.196168][ T7926] ip6_output+0x235/0x7f0 [ 181.200504][ T7926] ? ip6_finish_output+0xdc0/0xdc0 [ 181.205290][ T7923] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7923 [ 181.205623][ T7926] ? ip6_fragment+0x3980/0x3980 [ 181.215011][ T7923] caller is ip6_finish_output+0x335/0xdc0 [ 181.219770][ T7926] ip6_xmit+0xe41/0x20c0 [ 181.219798][ T7926] ? ip6_finish_output2+0x2550/0x2550 [ 181.219816][ T7926] ? mark_held_locks+0xf0/0xf0 [ 181.239798][ T7926] ? perf_trace_lock+0x510/0x510 [ 181.244726][ T7926] ? ip6_setup_cork+0x1870/0x1870 [ 181.249762][ T7926] inet6_csk_xmit+0x2fb/0x5d0 [ 181.254429][ T7926] ? inet6_csk_update_pmtu+0x190/0x190 [ 181.259875][ T7926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.266115][ T7926] ? csum_ipv6_magic+0x20/0x80 [ 181.270878][ T7926] __tcp_transmit_skb+0x1a32/0x3750 [ 181.276080][ T7926] ? __tcp_select_window+0x8b0/0x8b0 [ 181.281449][ T7926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.287678][ T7926] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 181.293129][ T7926] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 181.299370][ T7926] tcp_connect+0x1e47/0x4280 [ 181.303965][ T7926] ? tcp_push_one+0x110/0x110 [ 181.308635][ T7926] ? secure_tcpv6_ts_off+0x24f/0x360 [ 181.313918][ T7926] ? secure_dccpv6_sequence_number+0x280/0x280 [ 181.320063][ T7926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.326295][ T7926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.332524][ T7926] ? prandom_u32_state+0x13/0x180 [ 181.337546][ T7926] tcp_v6_connect+0x150b/0x20a0 [ 181.342389][ T7926] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 181.347752][ T7926] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 181.353024][ T7926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.359250][ T7926] ? debug_smp_processor_id+0x3c/0x280 [ 181.364711][ T7926] ? find_held_lock+0x35/0x130 [ 181.369472][ T7926] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 181.375099][ T7926] __inet_stream_connect+0x83f/0xea0 [ 181.380371][ T7926] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 181.385646][ T7926] ? __inet_stream_connect+0x83f/0xea0 [ 181.391106][ T7926] ? inet_dgram_connect+0x2e0/0x2e0 [ 181.396398][ T7926] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 181.401759][ T7926] ? rcu_read_lock_sched_held+0x110/0x130 [ 181.407469][ T7926] ? kmem_cache_alloc_trace+0x354/0x760 [ 181.413003][ T7926] ? sock_zerocopy_realloc+0x268/0x4a0 [ 181.418457][ T7926] tcp_sendmsg_locked+0x231f/0x37f0 [ 181.423648][ T7926] ? mark_held_locks+0xf0/0xf0 [ 181.428405][ T7926] ? mark_held_locks+0xa4/0xf0 [ 181.433176][ T7926] ? tcp_sendpage+0x60/0x60 [ 181.437665][ T7926] ? lock_sock_nested+0x9a/0x120 [ 181.442590][ T7926] ? trace_hardirqs_on+0x67/0x230 [ 181.447604][ T7926] ? lock_sock_nested+0x9a/0x120 [ 181.452546][ T7926] ? __local_bh_enable_ip+0x15a/0x270 [ 181.457916][ T7926] tcp_sendmsg+0x30/0x50 [ 181.462152][ T7926] inet_sendmsg+0x147/0x5e0 [ 181.466645][ T7926] ? ipip_gro_receive+0x100/0x100 [ 181.471660][ T7926] sock_sendmsg+0xdd/0x130 [ 181.476065][ T7926] __sys_sendto+0x262/0x380 [ 181.480582][ T7926] ? __ia32_sys_getpeername+0xb0/0xb0 [ 181.485971][ T7926] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.492216][ T7926] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.497664][ T7926] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.503109][ T7926] ? do_syscall_64+0x26/0x610 [ 181.507776][ T7926] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.513838][ T7926] __x64_sys_sendto+0xe1/0x1a0 [ 181.518611][ T7926] do_syscall_64+0x103/0x610 [ 181.523191][ T7926] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.529070][ T7926] RIP: 0033:0x4582b9 [ 181.532956][ T7926] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 181.552546][ T7926] RSP: 002b:00007fa79c617c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c 06:48:00 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246) [ 181.560944][ T7926] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 181.568903][ T7926] RDX: 00000000000001fb RSI: 0000000000000000 RDI: 0000000000000005 [ 181.576861][ T7926] RBP: 000000000073bf00 R08: 00000000200000c0 R09: 000000000000001c [ 181.584825][ T7926] R10: 0000000024000000 R11: 0000000000000246 R12: 00007fa79c6186d4 [ 181.592780][ T7926] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 181.600758][ T7923] CPU: 1 PID: 7923 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 181.609774][ T7923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.619824][ T7923] Call Trace: [ 181.623136][ T7923] dump_stack+0x172/0x1f0 [ 181.627480][ T7923] __this_cpu_preempt_check+0x246/0x270 [ 181.633033][ T7923] ip6_finish_output+0x335/0xdc0 [ 181.637981][ T7923] ip6_output+0x235/0x7f0 [ 181.642333][ T7923] ? ip6_finish_output+0xdc0/0xdc0 [ 181.647462][ T7923] ? ip6_fragment+0x3980/0x3980 [ 181.652578][ T7923] ? ip_reply_glue_bits+0xc0/0xc0 [ 181.657612][ T7923] ip6_local_out+0xc4/0x1b0 [ 181.657638][ T7923] ip6_send_skb+0xbb/0x350 06:48:00 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246) [ 181.657660][ T7923] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 181.657683][ T7923] udpv6_sendmsg+0x21e3/0x28d0 [ 181.657700][ T7923] ? ip_reply_glue_bits+0xc0/0xc0 [ 181.666582][ T7923] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 181.666605][ T7923] ? aa_profile_af_perm+0x320/0x320 [ 181.666621][ T7923] ? __might_fault+0x12b/0x1e0 [ 181.666638][ T7923] ? find_held_lock+0x35/0x130 [ 181.666656][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.702488][ T7923] ? rw_copy_check_uvector+0x2a6/0x330 06:48:01 executing program 4: ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246) [ 181.702543][ T7923] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 181.702566][ T7923] inet_sendmsg+0x147/0x5e0 [ 181.719753][ T7923] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 181.730229][ T7923] ? inet_sendmsg+0x147/0x5e0 [ 181.734910][ T7923] ? ipip_gro_receive+0x100/0x100 [ 181.739945][ T7923] sock_sendmsg+0xdd/0x130 [ 181.744364][ T7923] ___sys_sendmsg+0x3e2/0x930 [ 181.749041][ T7923] ? copy_msghdr_from_user+0x430/0x430 [ 181.754506][ T7923] ? __lock_acquire+0x548/0x3fb0 [ 181.759453][ T7923] ? lock_downgrade+0x880/0x880 [ 181.764303][ T7923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.764329][ T7923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.764346][ T7923] ? debug_smp_processor_id+0x3c/0x280 [ 181.764369][ T7923] ? __might_fault+0x12b/0x1e0 [ 181.764383][ T7923] ? find_held_lock+0x35/0x130 [ 181.764401][ T7923] ? __might_fault+0x12b/0x1e0 [ 181.776844][ T7923] ? lock_downgrade+0x880/0x880 [ 181.776877][ T7923] ? ___might_sleep+0x163/0x280 [ 181.776895][ T7923] __sys_sendmmsg+0x1bf/0x4d0 [ 181.776926][ T7923] ? __ia32_sys_sendmsg+0xb0/0xb0 06:48:01 executing program 4: ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246) [ 181.776950][ T7923] ? _copy_to_user+0xc9/0x120 [ 181.820676][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.826921][ T7923] ? put_timespec64+0xda/0x140 [ 181.831687][ T7923] ? nsecs_to_jiffies+0x30/0x30 [ 181.836551][ T7923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.842012][ T7923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 181.847471][ T7923] ? do_syscall_64+0x26/0x610 [ 181.852149][ T7923] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.858215][ T7923] ? do_syscall_64+0x26/0x610 [ 181.858454][ T7945] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7945 [ 181.862895][ T7923] __x64_sys_sendmmsg+0x9d/0x100 [ 181.862915][ T7923] do_syscall_64+0x103/0x610 [ 181.862936][ T7923] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.862948][ T7923] RIP: 0033:0x4582b9 [ 181.862962][ T7923] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 181.862975][ T7923] RSP: 002b:00007f507e452c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 181.872264][ T7945] caller is ip6_finish_output+0x335/0xdc0 [ 181.877152][ T7923] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 181.933690][ T7923] RDX: 0400000000000027 RSI: 00000000200002c0 RDI: 0000000000000004 [ 181.941651][ T7923] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 181.949616][ T7923] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f507e4536d4 [ 181.957574][ T7923] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 181.965559][ T7945] CPU: 0 PID: 7945 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 181.974572][ T7945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.984623][ T7945] Call Trace: [ 181.987926][ T7945] dump_stack+0x172/0x1f0 [ 181.992264][ T7945] __this_cpu_preempt_check+0x246/0x270 [ 181.997820][ T7945] ip6_finish_output+0x335/0xdc0 [ 182.002796][ T7945] ip6_output+0x235/0x7f0 [ 182.007158][ T7945] ? ip6_finish_output+0xdc0/0xdc0 [ 182.012269][ T7945] ? ip6_fragment+0x3980/0x3980 [ 182.017122][ T7945] ip6_xmit+0xe41/0x20c0 [ 182.021360][ T7945] ? ip6_finish_output2+0x2550/0x2550 [ 182.026717][ T7945] ? mark_held_locks+0xf0/0xf0 [ 182.031463][ T7945] ? perf_trace_lock+0x510/0x510 [ 182.036387][ T7945] ? ip6_setup_cork+0x1870/0x1870 [ 182.041427][ T7945] inet6_csk_xmit+0x2fb/0x5d0 [ 182.046110][ T7945] ? inet6_csk_update_pmtu+0x190/0x190 [ 182.051550][ T7945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.057793][ T7945] ? csum_ipv6_magic+0x20/0x80 [ 182.062547][ T7945] __tcp_transmit_skb+0x1a32/0x3750 [ 182.067824][ T7945] ? __tcp_select_window+0x8b0/0x8b0 [ 182.073108][ T7945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.079331][ T7945] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 182.084783][ T7945] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 182.091003][ T7945] tcp_connect+0x1e47/0x4280 [ 182.095589][ T7945] ? tcp_push_one+0x110/0x110 [ 182.100360][ T7945] ? secure_tcpv6_ts_off+0x24f/0x360 [ 182.105627][ T7945] ? secure_dccpv6_sequence_number+0x280/0x280 [ 182.111763][ T7945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.117999][ T7945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.124221][ T7945] ? prandom_u32_state+0x13/0x180 [ 182.129256][ T7945] tcp_v6_connect+0x150b/0x20a0 [ 182.134089][ T7945] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 182.139467][ T7945] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 182.144741][ T7945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.151482][ T7945] ? debug_smp_processor_id+0x3c/0x280 [ 182.157046][ T7945] ? find_held_lock+0x35/0x130 [ 182.161790][ T7945] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 182.167408][ T7945] __inet_stream_connect+0x83f/0xea0 [ 182.172689][ T7945] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 182.177957][ T7945] ? __inet_stream_connect+0x83f/0xea0 [ 182.183411][ T7945] ? inet_dgram_connect+0x2e0/0x2e0 [ 182.188596][ T7945] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 182.193950][ T7945] ? rcu_read_lock_sched_held+0x110/0x130 [ 182.199651][ T7945] ? kmem_cache_alloc_trace+0x354/0x760 [ 182.205183][ T7945] ? sock_zerocopy_realloc+0x268/0x4a0 [ 182.210631][ T7945] tcp_sendmsg_locked+0x231f/0x37f0 [ 182.215812][ T7945] ? mark_held_locks+0xf0/0xf0 [ 182.220574][ T7945] ? mark_held_locks+0xa4/0xf0 [ 182.225323][ T7945] ? tcp_sendpage+0x60/0x60 [ 182.229807][ T7945] ? lock_sock_nested+0x9a/0x120 [ 182.234731][ T7945] ? trace_hardirqs_on+0x67/0x230 [ 182.239736][ T7945] ? lock_sock_nested+0x9a/0x120 [ 182.244674][ T7945] ? __local_bh_enable_ip+0x15a/0x270 [ 182.250034][ T7945] tcp_sendmsg+0x30/0x50 [ 182.254256][ T7945] inet_sendmsg+0x147/0x5e0 [ 182.258761][ T7945] ? ipip_gro_receive+0x100/0x100 [ 182.263772][ T7945] sock_sendmsg+0xdd/0x130 [ 182.268173][ T7945] __sys_sendto+0x262/0x380 [ 182.272659][ T7945] ? __ia32_sys_getpeername+0xb0/0xb0 [ 182.278028][ T7945] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.284265][ T7945] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.289707][ T7945] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.295151][ T7945] ? do_syscall_64+0x26/0x610 [ 182.299809][ T7945] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.305866][ T7945] __x64_sys_sendto+0xe1/0x1a0 [ 182.310619][ T7945] do_syscall_64+0x103/0x610 [ 182.315197][ T7945] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.321080][ T7945] RIP: 0033:0x4582b9 [ 182.324963][ T7945] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 182.344545][ T7945] RSP: 002b:00007fa79c5f6c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 182.352933][ T7945] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 182.360885][ T7945] RDX: 00000000000001fb RSI: 0000000000000000 RDI: 0000000000000008 06:48:01 executing program 4: ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246) 06:48:01 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000400)) [ 182.368855][ T7945] RBP: 000000000073bfa0 R08: 00000000200000c0 R09: 000000000000001c [ 182.376808][ T7945] R10: 0000000024000000 R11: 0000000000000246 R12: 00007fa79c5f76d4 [ 182.384764][ T7945] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff 06:48:01 executing program 2: syz_emit_ethernet(0x44, &(0x7f0000000080), 0x0) [ 182.510373][ T7923] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7923 [ 182.520145][ T7923] caller is ip6_finish_output+0x335/0xdc0 [ 182.525895][ T7923] CPU: 1 PID: 7923 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 182.534902][ T7923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.544962][ T7923] Call Trace: [ 182.548255][ T7923] dump_stack+0x172/0x1f0 [ 182.552603][ T7923] __this_cpu_preempt_check+0x246/0x270 [ 182.558149][ T7923] ip6_finish_output+0x335/0xdc0 [ 182.558170][ T7923] ip6_output+0x235/0x7f0 [ 182.558188][ T7923] ? ip6_finish_output+0xdc0/0xdc0 [ 182.572538][ T7923] ? ip6_fragment+0x3980/0x3980 [ 182.572559][ T7923] ? ip_reply_glue_bits+0xc0/0xc0 [ 182.582406][ T7923] ip6_local_out+0xc4/0x1b0 [ 182.586914][ T7923] ip6_send_skb+0xbb/0x350 [ 182.591333][ T7923] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 182.596790][ T7923] udpv6_sendmsg+0x21e3/0x28d0 [ 182.601558][ T7923] ? ip_reply_glue_bits+0xc0/0xc0 [ 182.606611][ T7923] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 182.612603][ T7923] ? aa_profile_af_perm+0x320/0x320 [ 182.617798][ T7923] ? __might_fault+0x12b/0x1e0 [ 182.622560][ T7923] ? find_held_lock+0x35/0x130 [ 182.622581][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.622595][ T7923] ? rw_copy_check_uvector+0x2a6/0x330 [ 182.622637][ T7923] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 182.644767][ T7923] inet_sendmsg+0x147/0x5e0 [ 182.649310][ T7923] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 182.655339][ T7923] ? inet_sendmsg+0x147/0x5e0 06:48:01 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f000000b000)={0x0, 0x0, &(0x7f00005a6ff0)={&(0x7f0000451ccc)=@updsa={0xf0, 0x1a, 0x1, 0x0, 0x0, {{@in6=@dev, @in=@loopback}, {@in6, 0x0, 0x2b}, @in6, {}, {}, {}, 0x0, 0x0, 0xa}}, 0xf0}}, 0x0) 06:48:01 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000080)={0x1}, 0x8) sendto$inet6(r1, 0x0, 0x1fb, 0x24000000, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) [ 182.660016][ T7923] ? ipip_gro_receive+0x100/0x100 [ 182.665048][ T7923] sock_sendmsg+0xdd/0x130 [ 182.669571][ T7923] ___sys_sendmsg+0x3e2/0x930 [ 182.674279][ T7923] ? copy_msghdr_from_user+0x430/0x430 [ 182.679743][ T7923] ? __lock_acquire+0x548/0x3fb0 [ 182.684842][ T7923] ? lock_downgrade+0x880/0x880 [ 182.689753][ T7923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.696060][ T7923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.702346][ T7923] ? debug_smp_processor_id+0x3c/0x280 [ 182.707924][ T7923] ? __might_fault+0x12b/0x1e0 [ 182.712711][ T7923] ? find_held_lock+0x35/0x130 [ 182.717496][ T7923] ? __might_fault+0x12b/0x1e0 [ 182.718272][ T7967] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7967 [ 182.722312][ T7923] ? lock_downgrade+0x880/0x880 [ 182.722333][ T7923] ? ___might_sleep+0x163/0x280 [ 182.722352][ T7923] __sys_sendmmsg+0x1bf/0x4d0 [ 182.731642][ T7967] caller is ip6_finish_output+0x335/0xdc0 [ 182.736448][ T7923] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 182.756659][ T7923] ? _copy_to_user+0xc9/0x120 [ 182.761350][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.767609][ T7923] ? put_timespec64+0xda/0x140 [ 182.772388][ T7923] ? nsecs_to_jiffies+0x30/0x30 [ 182.777244][ T7923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.782708][ T7923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 182.788169][ T7923] ? do_syscall_64+0x26/0x610 [ 182.792921][ T7923] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.798993][ T7923] ? do_syscall_64+0x26/0x610 [ 182.803663][ T7923] __x64_sys_sendmmsg+0x9d/0x100 [ 182.808593][ T7923] do_syscall_64+0x103/0x610 [ 182.813174][ T7923] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.819067][ T7923] RIP: 0033:0x4582b9 [ 182.822973][ T7923] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 182.842590][ T7923] RSP: 002b:00007f507e452c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 182.851035][ T7923] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 182.858995][ T7923] RDX: 0400000000000027 RSI: 00000000200002c0 RDI: 0000000000000004 [ 182.866953][ T7923] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 182.874913][ T7923] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f507e4536d4 [ 182.882882][ T7923] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 182.890861][ T7967] CPU: 0 PID: 7967 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19 [ 182.900103][ T7967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.910153][ T7967] Call Trace: [ 182.913455][ T7967] dump_stack+0x172/0x1f0 [ 182.913914][ T7923] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7923 [ 182.917780][ T7967] __this_cpu_preempt_check+0x246/0x270 [ 182.927886][ T7923] caller is ip6_finish_output+0x335/0xdc0 [ 182.932564][ T7967] ip6_finish_output+0x335/0xdc0 [ 182.932585][ T7967] ip6_output+0x235/0x7f0 [ 182.932602][ T7967] ? ip6_finish_output+0xdc0/0xdc0 [ 182.932621][ T7967] ? ip6_fragment+0x3980/0x3980 [ 182.957558][ T7967] ip6_xmit+0xe41/0x20c0 [ 182.961814][ T7967] ? ip6_finish_output2+0x2550/0x2550 [ 182.967198][ T7967] ? mark_held_locks+0xf0/0xf0 [ 182.971963][ T7967] ? ip6_setup_cork+0x1870/0x1870 [ 182.977021][ T7967] inet6_csk_xmit+0x2fb/0x5d0 [ 182.981709][ T7967] ? inet6_csk_update_pmtu+0x190/0x190 [ 182.987157][ T7967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.993398][ T7967] ? csum_ipv6_magic+0x20/0x80 [ 182.998163][ T7967] __tcp_transmit_skb+0x1a32/0x3750 [ 183.003379][ T7967] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.008857][ T7967] ? __tcp_select_window+0x8b0/0x8b0 [ 183.014135][ T7967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.020394][ T7967] ? tcp_fastopen_no_cookie+0xe0/0x190 [ 183.025931][ T7967] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 183.032161][ T7967] tcp_connect+0x1e47/0x4280 [ 183.036753][ T7967] ? tcp_push_one+0x110/0x110 [ 183.041450][ T7967] ? secure_tcpv6_ts_off+0x24f/0x360 [ 183.046739][ T7967] ? secure_dccpv6_sequence_number+0x280/0x280 [ 183.052881][ T7967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.059109][ T7967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.065342][ T7967] ? prandom_u32_state+0x13/0x180 [ 183.071023][ T7967] tcp_v6_connect+0x150b/0x20a0 [ 183.075868][ T7967] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 183.081259][ T7967] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 183.086591][ T7967] ? kasan_check_write+0x14/0x20 [ 183.091545][ T7967] __inet_stream_connect+0x83f/0xea0 [ 183.096825][ T7967] ? tcp_v6_conn_request+0x2b0/0x2b0 [ 183.102100][ T7967] ? __inet_stream_connect+0x83f/0xea0 [ 183.107556][ T7967] ? inet_dgram_connect+0x2e0/0x2e0 [ 183.112784][ T7967] ? tcp_sendmsg_locked+0x2170/0x37f0 [ 183.118163][ T7967] ? rcu_read_lock_sched_held+0x110/0x130 [ 183.123878][ T7967] ? kmem_cache_alloc_trace+0x354/0x760 [ 183.129424][ T7967] tcp_sendmsg_locked+0x231f/0x37f0 [ 183.134615][ T7967] ? mark_held_locks+0xf0/0xf0 [ 183.139374][ T7967] ? mark_held_locks+0xa4/0xf0 [ 183.144128][ T7967] ? tcp_sendpage+0x60/0x60 [ 183.148618][ T7967] ? lock_sock_nested+0x9a/0x120 [ 183.153542][ T7967] ? trace_hardirqs_on+0x67/0x230 [ 183.158556][ T7967] ? lock_sock_nested+0x9a/0x120 [ 183.163481][ T7967] ? __local_bh_enable_ip+0x15a/0x270 [ 183.168846][ T7967] tcp_sendmsg+0x30/0x50 [ 183.173081][ T7967] inet_sendmsg+0x147/0x5e0 [ 183.177571][ T7967] ? ipip_gro_receive+0x100/0x100 [ 183.182587][ T7967] sock_sendmsg+0xdd/0x130 [ 183.186995][ T7967] __sys_sendto+0x262/0x380 [ 183.191496][ T7967] ? __ia32_sys_getpeername+0xb0/0xb0 [ 183.196871][ T7967] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.203111][ T7967] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.208560][ T7967] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.214006][ T7967] ? do_syscall_64+0x26/0x610 [ 183.218673][ T7967] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.224733][ T7967] __x64_sys_sendto+0xe1/0x1a0 [ 183.229496][ T7967] do_syscall_64+0x103/0x610 [ 183.234077][ T7967] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.239953][ T7967] RIP: 0033:0x4582b9 [ 183.243838][ T7967] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.263425][ T7967] RSP: 002b:00007fa79c617c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 183.271820][ T7967] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9 [ 183.279782][ T7967] RDX: 00000000000001fb RSI: 0000000000000000 RDI: 0000000000000005 [ 183.287767][ T7967] RBP: 000000000073bf00 R08: 00000000200000c0 R09: 000000000000001c [ 183.295725][ T7967] R10: 0000000024000000 R11: 0000000000000246 R12: 00007fa79c6186d4 [ 183.303683][ T7967] R13: 00000000004c59b6 R14: 00000000004d9d10 R15: 00000000ffffffff [ 183.311660][ T7923] CPU: 1 PID: 7923 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 183.320684][ T7923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.330737][ T7923] Call Trace: [ 183.334029][ T7923] dump_stack+0x172/0x1f0 [ 183.338366][ T7923] __this_cpu_preempt_check+0x246/0x270 [ 183.343918][ T7923] ip6_finish_output+0x335/0xdc0 [ 183.348869][ T7923] ip6_output+0x235/0x7f0 [ 183.353209][ T7923] ? ip6_finish_output+0xdc0/0xdc0 [ 183.358438][ T7923] ? ip6_fragment+0x3980/0x3980 [ 183.363290][ T7923] ? ip_reply_glue_bits+0xc0/0xc0 [ 183.368322][ T7923] ip6_local_out+0xc4/0x1b0 [ 183.372832][ T7923] ip6_send_skb+0xbb/0x350 [ 183.377260][ T7923] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 183.382734][ T7923] udpv6_sendmsg+0x21e3/0x28d0 [ 183.387507][ T7923] ? ip_reply_glue_bits+0xc0/0xc0 [ 183.392549][ T7923] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.398571][ T7923] ? aa_profile_af_perm+0x320/0x320 [ 183.404120][ T7923] ? __might_fault+0x12b/0x1e0 [ 183.408882][ T7923] ? find_held_lock+0x35/0x130 [ 183.413649][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.419889][ T7923] ? rw_copy_check_uvector+0x2a6/0x330 [ 183.419943][ T7923] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 183.430895][ T7923] inet_sendmsg+0x147/0x5e0 [ 183.430910][ T7923] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.430920][ T7923] ? inet_sendmsg+0x147/0x5e0 [ 183.430936][ T7923] ? ipip_gro_receive+0x100/0x100 [ 183.451037][ T7923] sock_sendmsg+0xdd/0x130 [ 183.455459][ T7923] ___sys_sendmsg+0x3e2/0x930 [ 183.460129][ T7923] ? copy_msghdr_from_user+0x430/0x430 [ 183.465569][ T7923] ? __lock_acquire+0x548/0x3fb0 [ 183.470481][ T7923] ? lock_downgrade+0x880/0x880 [ 183.475320][ T7923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.481537][ T7923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.487772][ T7923] ? debug_smp_processor_id+0x3c/0x280 [ 183.493228][ T7923] ? __might_fault+0x12b/0x1e0 [ 183.497970][ T7923] ? find_held_lock+0x35/0x130 [ 183.502716][ T7923] ? __might_fault+0x12b/0x1e0 [ 183.507457][ T7923] ? lock_downgrade+0x880/0x880 [ 183.512289][ T7923] ? ___might_sleep+0x163/0x280 [ 183.517141][ T7923] __sys_sendmmsg+0x1bf/0x4d0 [ 183.521803][ T7923] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 183.526809][ T7923] ? _copy_to_user+0xc9/0x120 [ 183.531464][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.537678][ T7923] ? put_timespec64+0xda/0x140 [ 183.542418][ T7923] ? nsecs_to_jiffies+0x30/0x30 [ 183.547251][ T7923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.552696][ T7923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.558130][ T7923] ? do_syscall_64+0x26/0x610 [ 183.562790][ T7923] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.568829][ T7923] ? do_syscall_64+0x26/0x610 [ 183.573493][ T7923] __x64_sys_sendmmsg+0x9d/0x100 [ 183.578416][ T7923] do_syscall_64+0x103/0x610 [ 183.582986][ T7923] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.588853][ T7923] RIP: 0033:0x4582b9 [ 183.592730][ T7923] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.612329][ T7923] RSP: 002b:00007f507e452c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.620723][ T7923] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 183.628683][ T7923] RDX: 0400000000000027 RSI: 00000000200002c0 RDI: 0000000000000004 [ 183.636630][ T7923] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 183.644589][ T7923] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f507e4536d4 [ 183.652535][ T7923] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 183.662146][ T7923] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7923 [ 183.672306][ T7923] caller is ip6_finish_output+0x335/0xdc0 [ 183.678038][ T7923] CPU: 0 PID: 7923 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 183.687055][ T7923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.697097][ T7923] Call Trace: [ 183.700375][ T7923] dump_stack+0x172/0x1f0 [ 183.704694][ T7923] __this_cpu_preempt_check+0x246/0x270 [ 183.710228][ T7923] ip6_finish_output+0x335/0xdc0 [ 183.715155][ T7923] ip6_output+0x235/0x7f0 [ 183.719473][ T7923] ? ip6_finish_output+0xdc0/0xdc0 [ 183.724571][ T7923] ? ip6_fragment+0x3980/0x3980 [ 183.729407][ T7923] ? ip_reply_glue_bits+0xc0/0xc0 [ 183.734419][ T7923] ip6_local_out+0xc4/0x1b0 [ 183.738914][ T7923] ip6_send_skb+0xbb/0x350 [ 183.743319][ T7923] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 183.748776][ T7923] udpv6_sendmsg+0x21e3/0x28d0 [ 183.753537][ T7923] ? ip_reply_glue_bits+0xc0/0xc0 [ 183.758566][ T7923] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.764537][ T7923] ? aa_profile_af_perm+0x320/0x320 [ 183.769721][ T7923] ? __might_fault+0x12b/0x1e0 [ 183.774478][ T7923] ? find_held_lock+0x35/0x130 [ 183.779233][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.785473][ T7923] ? rw_copy_check_uvector+0x2a6/0x330 [ 183.790940][ T7923] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 183.796462][ T7923] inet_sendmsg+0x147/0x5e0 [ 183.800958][ T7923] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 183.806914][ T7923] ? inet_sendmsg+0x147/0x5e0 [ 183.811567][ T7923] ? ipip_gro_receive+0x100/0x100 [ 183.816571][ T7923] sock_sendmsg+0xdd/0x130 [ 183.820966][ T7923] ___sys_sendmsg+0x3e2/0x930 [ 183.825639][ T7923] ? copy_msghdr_from_user+0x430/0x430 [ 183.831091][ T7923] ? __lock_acquire+0x548/0x3fb0 [ 183.836017][ T7923] ? lock_downgrade+0x880/0x880 [ 183.840851][ T7923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.847163][ T7923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.853381][ T7923] ? debug_smp_processor_id+0x3c/0x280 [ 183.858832][ T7923] ? __might_fault+0x12b/0x1e0 [ 183.863583][ T7923] ? find_held_lock+0x35/0x130 [ 183.868330][ T7923] ? __might_fault+0x12b/0x1e0 [ 183.873080][ T7923] ? lock_downgrade+0x880/0x880 [ 183.877910][ T7923] ? ___might_sleep+0x163/0x280 [ 183.882741][ T7923] __sys_sendmmsg+0x1bf/0x4d0 [ 183.887394][ T7923] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 183.892399][ T7923] ? _copy_to_user+0xc9/0x120 [ 183.897076][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.903919][ T7923] ? put_timespec64+0xda/0x140 [ 183.908673][ T7923] ? nsecs_to_jiffies+0x30/0x30 [ 183.920043][ T7923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.925492][ T7923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 183.930926][ T7923] ? do_syscall_64+0x26/0x610 [ 183.935576][ T7923] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.941665][ T7923] ? do_syscall_64+0x26/0x610 [ 183.946319][ T7923] __x64_sys_sendmmsg+0x9d/0x100 [ 183.951234][ T7923] do_syscall_64+0x103/0x610 [ 183.955801][ T7923] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.961667][ T7923] RIP: 0033:0x4582b9 [ 183.965537][ T7923] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.985114][ T7923] RSP: 002b:00007f507e452c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.993501][ T7923] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 184.001453][ T7923] RDX: 0400000000000027 RSI: 00000000200002c0 RDI: 0000000000000004 [ 184.009513][ T7923] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 184.017470][ T7923] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f507e4536d4 [ 184.025417][ T7923] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 184.034419][ T7923] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7923 [ 184.044011][ T7923] caller is ip6_finish_output+0x335/0xdc0 [ 184.049771][ T7923] CPU: 1 PID: 7923 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 184.058791][ T7923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.068831][ T7923] Call Trace: [ 184.072101][ T7923] dump_stack+0x172/0x1f0 [ 184.076415][ T7923] __this_cpu_preempt_check+0x246/0x270 [ 184.082102][ T7923] ip6_finish_output+0x335/0xdc0 [ 184.087018][ T7923] ip6_output+0x235/0x7f0 [ 184.091323][ T7923] ? ip6_finish_output+0xdc0/0xdc0 [ 184.096411][ T7923] ? ip6_fragment+0x3980/0x3980 [ 184.101236][ T7923] ? ip_reply_glue_bits+0xc0/0xc0 [ 184.106249][ T7923] ip6_local_out+0xc4/0x1b0 [ 184.110751][ T7923] ip6_send_skb+0xbb/0x350 [ 184.115142][ T7923] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 184.120578][ T7923] udpv6_sendmsg+0x21e3/0x28d0 [ 184.125313][ T7923] ? ip_reply_glue_bits+0xc0/0xc0 [ 184.130413][ T7923] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 184.136368][ T7923] ? aa_profile_af_perm+0x320/0x320 [ 184.141552][ T7923] ? __might_fault+0x12b/0x1e0 [ 184.146288][ T7923] ? find_held_lock+0x35/0x130 [ 184.151025][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.157236][ T7923] ? rw_copy_check_uvector+0x2a6/0x330 [ 184.162686][ T7923] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 184.168231][ T7923] inet_sendmsg+0x147/0x5e0 [ 184.172715][ T7923] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 184.178708][ T7923] ? inet_sendmsg+0x147/0x5e0 [ 184.183360][ T7923] ? ipip_gro_receive+0x100/0x100 [ 184.188361][ T7923] sock_sendmsg+0xdd/0x130 [ 184.192750][ T7923] ___sys_sendmsg+0x3e2/0x930 [ 184.197402][ T7923] ? copy_msghdr_from_user+0x430/0x430 [ 184.202853][ T7923] ? __lock_acquire+0x548/0x3fb0 [ 184.207762][ T7923] ? lock_downgrade+0x880/0x880 [ 184.212597][ T7923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.218828][ T7923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.225157][ T7923] ? debug_smp_processor_id+0x3c/0x280 [ 184.230604][ T7923] ? __might_fault+0x12b/0x1e0 [ 184.235340][ T7923] ? find_held_lock+0x35/0x130 [ 184.240089][ T7923] ? __might_fault+0x12b/0x1e0 [ 184.244829][ T7923] ? lock_downgrade+0x880/0x880 [ 184.249655][ T7923] ? ___might_sleep+0x163/0x280 [ 184.254478][ T7923] __sys_sendmmsg+0x1bf/0x4d0 [ 184.259148][ T7923] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 184.264152][ T7923] ? _copy_to_user+0xc9/0x120 [ 184.268820][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.275042][ T7923] ? put_timespec64+0xda/0x140 [ 184.279780][ T7923] ? nsecs_to_jiffies+0x30/0x30 [ 184.284615][ T7923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.290046][ T7923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.295479][ T7923] ? do_syscall_64+0x26/0x610 [ 184.300129][ T7923] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.306178][ T7923] ? do_syscall_64+0x26/0x610 [ 184.310829][ T7923] __x64_sys_sendmmsg+0x9d/0x100 [ 184.315742][ T7923] do_syscall_64+0x103/0x610 [ 184.320306][ T7923] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.326170][ T7923] RIP: 0033:0x4582b9 [ 184.330039][ T7923] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 184.349617][ T7923] RSP: 002b:00007f507e452c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 184.358000][ T7923] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 184.365945][ T7923] RDX: 0400000000000027 RSI: 00000000200002c0 RDI: 0000000000000004 [ 184.373891][ T7923] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 184.381836][ T7923] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f507e4536d4 [ 184.389792][ T7923] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff [ 184.401467][ T7923] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/7923 [ 184.410831][ T7923] caller is ip6_finish_output+0x335/0xdc0 [ 184.416534][ T7923] CPU: 1 PID: 7923 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190405 #19 [ 184.425520][ T7923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.435554][ T7923] Call Trace: [ 184.438820][ T7923] dump_stack+0x172/0x1f0 [ 184.443127][ T7923] __this_cpu_preempt_check+0x246/0x270 [ 184.448645][ T7923] ip6_finish_output+0x335/0xdc0 [ 184.453656][ T7923] ip6_output+0x235/0x7f0 [ 184.457965][ T7923] ? ip6_finish_output+0xdc0/0xdc0 [ 184.463052][ T7923] ? ip6_fragment+0x3980/0x3980 [ 184.467878][ T7923] ? ip_reply_glue_bits+0xc0/0xc0 [ 184.472876][ T7923] ip6_local_out+0xc4/0x1b0 [ 184.477353][ T7923] ip6_send_skb+0xbb/0x350 [ 184.481766][ T7923] udp_v6_send_skb.isra.0+0x839/0x14f0 [ 184.487204][ T7923] udpv6_sendmsg+0x21e3/0x28d0 [ 184.491944][ T7923] ? ip_reply_glue_bits+0xc0/0xc0 [ 184.496947][ T7923] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 184.502905][ T7923] ? aa_profile_af_perm+0x320/0x320 [ 184.508076][ T7923] ? __might_fault+0x12b/0x1e0 [ 184.512813][ T7923] ? find_held_lock+0x35/0x130 [ 184.517554][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.523778][ T7923] ? rw_copy_check_uvector+0x2a6/0x330 [ 184.529251][ T7923] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 184.534882][ T7923] inet_sendmsg+0x147/0x5e0 [ 184.539360][ T7923] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 184.545321][ T7923] ? inet_sendmsg+0x147/0x5e0 [ 184.549967][ T7923] ? ipip_gro_receive+0x100/0x100 [ 184.554963][ T7923] sock_sendmsg+0xdd/0x130 [ 184.559352][ T7923] ___sys_sendmsg+0x3e2/0x930 [ 184.564004][ T7923] ? copy_msghdr_from_user+0x430/0x430 [ 184.569438][ T7923] ? __lock_acquire+0x548/0x3fb0 [ 184.574347][ T7923] ? lock_downgrade+0x880/0x880 [ 184.579171][ T7923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.585382][ T7923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.591609][ T7923] ? debug_smp_processor_id+0x3c/0x280 [ 184.597042][ T7923] ? __might_fault+0x12b/0x1e0 [ 184.601795][ T7923] ? find_held_lock+0x35/0x130 [ 184.606531][ T7923] ? __might_fault+0x12b/0x1e0 [ 184.611271][ T7923] ? lock_downgrade+0x880/0x880 [ 184.616103][ T7923] ? ___might_sleep+0x163/0x280 [ 184.620933][ T7923] __sys_sendmmsg+0x1bf/0x4d0 [ 184.625585][ T7923] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 184.630591][ T7923] ? _copy_to_user+0xc9/0x120 [ 184.635255][ T7923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.641470][ T7923] ? put_timespec64+0xda/0x140 [ 184.646206][ T7923] ? nsecs_to_jiffies+0x30/0x30 [ 184.651046][ T7923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.656478][ T7923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.661911][ T7923] ? do_syscall_64+0x26/0x610 [ 184.666567][ T7923] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.672612][ T7923] ? do_syscall_64+0x26/0x610 [ 184.677262][ T7923] __x64_sys_sendmmsg+0x9d/0x100 [ 184.682175][ T7923] do_syscall_64+0x103/0x610 [ 184.686743][ T7923] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.692709][ T7923] RIP: 0033:0x4582b9 [ 184.696578][ T7923] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 06:48:04 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000400)) 06:48:04 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000080)={0x1}, 0x8) sendto$inet6(r1, 0x0, 0x1fb, 0x24000000, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) 06:48:04 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246) 06:48:04 executing program 2: r0 = socket(0x2, 0x1, 0x0) connect$unix(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="82022e0104696c653000"], 0x1) 06:48:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x2000000008}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000027, 0x0) 06:48:04 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f000000b000)={0x0, 0x0, &(0x7f00005a6ff0)={&(0x7f0000451ccc)=@updsa={0xf0, 0x1a, 0x1, 0x0, 0x0, {{@in6=@dev, @in=@loopback}, {@in6, 0x0, 0x2b}, @in6, {}, {}, {}, 0x0, 0x0, 0xa}}, 0xf0}}, 0x0) [ 184.716156][ T7923] RSP: 002b:00007f507e452c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 184.724556][ T7923] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004582b9 [ 184.732585][ T7923] RDX: 0400000000000027 RSI: 00000000200002c0 RDI: 0000000000000004 [ 184.740528][ T7923] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 184.748473][ T7923] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f507e4536d4 [ 184.756416][ T7923] R13: 00000000004c5230 R14: 00000000004d9380 R15: 00000000ffffffff 06:48:04 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246) 06:48:04 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000080)={0x1}, 0x8) sendto$inet6(r1, 0x0, 0x1fb, 0x24000000, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) 06:48:04 executing program 2: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x40000000, 0x0, 0x0, 0x19}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 06:48:04 executing program 0: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) bind$ax25(r0, &(0x7f0000000080)={{0x3, @default}, [@default, @null, @bcast, @default, @bcast, @netrom, @default, @default]}, 0x48) sendto$ax25(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={{0x3, @rose, 0xa}, [@bcast, @netrom, @null, @default, @bcast, @rose, @default, @bcast]}, 0x48) 06:48:04 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000400)) 06:48:04 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246) 06:48:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000027, 0x0) 06:48:04 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x1fb, 0x24000000, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) 06:48:04 executing program 2: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0='bpq0\x00', 0xc) bind$ax25(r0, &(0x7f0000000380)={{0x3, @netrom}, [@rose, @default, @netrom, @bcast, @rose, @netrom, @rose, @null]}, 0x48) connect$ax25(r0, &(0x7f0000000100)={{}, [@remote, @bcast, @remote, @null, @rose, @bcast, @null]}, 0x44) 06:48:04 executing program 0: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000000000)=@bpq0='bpq0\x00', 0xc) bind$ax25(r0, &(0x7f0000000380)={{0x3, @netrom}, [@rose, @default, @netrom, @bcast, @rose, @netrom, @rose, @null]}, 0x48) connect$ax25(r0, &(0x7f0000000040)={{0x3, @null, 0x8}, [@bcast, @default, @null, @remote, @remote, @netrom, @remote, @null]}, 0x48) connect$ax25(r0, &(0x7f0000000100)={{}, [@remote, @bcast, @rose, @null, @rose, @bcast, @null]}, 0x10) 06:48:04 executing program 4: openat$ppp(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246) 06:48:04 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000400)) [ 185.130964][ T8023] ax25_connect(): syz-executor.2 uses autobind, please contact jreuter@yaina.de 06:48:04 executing program 4: openat$ppp(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246) 06:48:04 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x1fb, 0x24000000, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) 06:48:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000027, 0x0) [ 185.173522][ T8028] ax25_connect(): syz-executor.0 uses autobind, please contact jreuter@yaina.de [ 185.208862][ T8028] ax25_connect(): syz-executor.0 uses autobind, please contact jreuter@yaina.de 06:48:04 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000400)) 06:48:04 executing program 4: openat$ppp(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246) 06:48:04 executing program 2: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) bind$ax25(r0, &(0x7f0000000080)={{0x3, @default}, [@default, @null, @bcast, @default, @bcast, @netrom, @default, @default]}, 0x48) sendto$ax25(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={{0x2, @rose}, [@bcast, @netrom, @null, @default, @bcast, @rose, @default, @bcast]}, 0x48) [ 185.261849][ T8028] ax25_connect(): syz-executor.0 uses autobind, please contact jreuter@yaina.de 06:48:04 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x1fb, 0x24000000, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) 06:48:04 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000200), 0x42400) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000240)={[{0x2b, 'memory'}]}, 0x8) 06:48:04 executing program 2: socket$kcm(0xa, 0x2, 0x88) perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) gettid() sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)="2e0000001e008109e00f80ecdb4cb92e0a4824181e0cd30be8bd6efb080003000e00140013000000060005001200", 0x2e}], 0x1}, 0x0) 06:48:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000027, 0x0) 06:48:04 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0x40047438, 0x0) 06:48:04 executing program 1: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000400))